Dual Threats: How to Build Expertise, Certifications in Multiple Subjects

Four professionals discuss the value of MBAs, CFAs and other certifications and degrees from beyond the security field. Should you become a 'dual threat'?

He believes having a deeper knowledge of business is critical to CSOs, who now must be aware of the interrelated nature of risk. "It is convenient to divide the world into information security and physical security and supply chain security and whatever else, but you have to protect the enterprise by taking the whole view," says Kent.

Tim Williams's path in life is strikingly similar to Kent's. Global director of security for $44.9 billion manufacturer Caterpillar, Williams had his eye on a career in public law enforcement. After earning an undergraduate degree in criminology, however, he went to work for Procter & Gamble. There, he got in-the-trenches training on how things were done at one of the world's top-performing companies.

"I consider it a gift that I got my start at such a great company," says Williams, who is also president of ASIS International, an association for security professionals. That early experience convinced Williams to go for his MBA. This took several years due to a heavy international travel schedule at Boise-Cascade and Nortel Networks.

The long hours studying at night and on planes were worth it in the end, he says. "I knew that [the MBA] would give me a better basis for management-level positions regardless of what track I took." Indeed, when Caterpillar came knocking, he was able to take a seat at the table with the other top executives. There are other ways to develop broader business perspective than getting an MBA, but it is clearly a sound credential for CSOs—one that garners automatic respect from business leaders.

Earning Multiple Certifications: Not for the Lazy
Certifications are another avenue to attaining diverse qualifications to enrich your career, especially for those just starting out. As with degrees while working, earning certifications can require a lot of self-discipline, not to mention an autodidactic nature. Chad McDonald spent more than one year of his life earning three certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Project Management Professional (PMP).

McDonald was thrust into the world of security a few years back when he was working in computer support at Georgia College & State University in Milledgeville. Two students flooded the college's mail server with malicious messages, shutting the system down for several hours. (The students were later prosecuted; one was deported.) The school's IT staff had to scramble to contain the damage and McDonald was called upon to help.
"That incident opened my eyes to the fact that we were at risk and to what we could do to mitigate those risks," says McDonald. Soon, he found himself acting as the college's one-man security shop. On his own accord—out of his own pocket and without taking a prep course—he started spending his weekends studying for the CISSP. After a full year, he took the test and passed.