Making sense of cybersecurity qualifications

As organizations push for equitable and transparent credentials, several credentialing initiatives are in the works to make cybersecurity credentials easier to understand and classify according to their value.


IBM’s cybersecurity division has hired nearly 2,000 professionals to its security team since 2015. Leaders recognize that the skills needed to succeed don't always come in the form of a traditional degree, but “the sheer volume of new certifications being created does pose challenges,” says Diana Kelley, global executive security adviser.

It’s a growing problem for many employers. Increasingly, hiring companies must sift through resumes that tout cybersecurity-related degrees, certificates, industry certifications, apprenticeship credentials, digital badges, micro master’s degrees, nanodegrees and other credentials – trying to determine what a candidate really knows and how those credentials fit together.

The influx of credentials is causing plenty of confusion for students, employers, policymakers and for the certifying organizations themselves, says Holly Zanville, senior adviser for credentialing and workforce development Lumina Foundation, a private group focused on increasing success in U.S. higher education.

“It used to be that most of these [credentials] would be awarded by colleges and universities, but not anymore,” Zanville says. “Now it’s industry and professional organizations and third-party groups. “This is making many [people] question the quality of them and, for sure, question what are the meanings of these various credentials.”

It’s also eroding trust in the credentialing industry, says Evelyn Ganzglass, co-director of Connecting Credentials, a collaboration of more than 100 national organizations to make credentials and badges easier to understand, use and interconnect. “There’s a lack of shared understanding of what quality is among the stakeholders, or really trusting that if someone has the certification, how do I know if the person really has that knowledge?” Ganzglass says.

To continue reading this article register now

Microsoft's very bad year for security: A timeline