When I search for information security certifications through Google, I get about 9,560,000 results. When I search for CIO certifications through Google, I get about 1,330,000 results (about 14% as many compared to infosec). The problem is there is no real certification standard for a CIO. There is no governing body, ethos, testing, yearly requirements, etc. There is nothing of note. A few courses here and there. An MBA with a CIO focus. A certificate program. However, no overall governing body or bodies that direct the capabilities and qualifications of a CIO.

Why is that? I ask myself and I don’t really know. I can’t explain it off as being an immature industry since IT has been around for 30-40 years. Isn’t that long enough to develop a standard discipline that is truly a profession? Can we really call CIOs professionals when there is no governing body or measurements to ensure competence? Yes, there are programs at CMU, UMUC, and a few others, but who or what is the governing body determining content, entry requirements, time in grade, time in service, entrance exams? Most likely, there are no entrance exams.

Some of the certificate programs cover information security/assurance, but there is no requirement for a CISSP, CISM, or CISA to get in. There should be. Minimum necessary. Many only require the following: Provide documentation of an undergraduate degree and/or a minimum of five (5) years professional experience and/or demonstration of progressively increasing management/leadership responsibility. The requirements for a CISSP or a CISM are more stringent.
When I look at the courses, some are only a matter of a day or two:

2011 Leadership – January 24, 25, 26, 2011
E-commerce and E-government – February 14, 15, 16, 2011
Process and Performance Management – March 14, 15, 16, 2011
Enterprise Architecture – April 18, 19, 20, 2011
Strategy and Planning – May 16, 17, 18, 2011
IT Acquisition and Program Management – September 26, 27, 28, 2011
IT Management – October 24, 25, 26, 2011
Information Assurance – November 14, 15, 16, 2011

https://www.treadstone71.com/whitepapers/BuildingaSystem.pdf

I think this is a weak statement of our information technology leadership requirements. We should build our information systems as if we were building a house. The CIO as the general contractor must understand every facet of the information system. They must be certified in all facets. They should lose their certification for shoddy workmanship. You don’t build a house with a risk-based approach, so why would anyone think we can build an information system based upon risk? It is time the information technology industry force march those aspiring to be a CIO to meet minimum time in grade and time in service requirements coupled with a series of certifications and a career of proven accomplishments. Time to start building information systems as if we were building a house.

http://www.treadstone71.com/whitepapers/BuildingaSystem.pdf
http://blogs.csoonline.com/1459/cyber_defenses_bloodied_battered_and_bruised