• United States



CIOs Must Meet Minimum Necessary – Building Information Systems Like Building Houses

May 18, 20113 mins
Business ContinuityCareersData and Information Security

When I search for information security certifications through Google, I get about 9,560,000 results. When I search for CIO certifications through Google, I get about 1,330,000 results. (About 14% as many compared to infosec). The problem is there is no real certification standard for a CIO. There is no governing body, ethos, testing, yearly requirements, etc. There is nothing of note. A few courses here and there. An MBA with a CIO focus. A certificate program. However, no overall governing body or bodies that direct the capabilities and qualifications of a CIO.

Why is that? I ask myself and I don’t really know. I can’t explain it off as being an immature industry since IT has been around for 30-40 years. Isn’t that long enough to develop a standard discipline that is truly a profession? Can we really call CIOs professionals when there is no governing body or measurements to insure competence?

Yes, there are programs at CMU, UMUC, and a few others but who or what is the governing body determining content, entry requirements, time in grade, time in service, entrance exams? Most likely, there are not entrance exams.

Some of the certificate programs cover information security/assurance but there is no requirement for a CISSP, CISM, or CISA to get in. There should be. Minimum necessary. Many only require the following:

Provide documentation of an undergraduate degree and/or a minimum of five (5) years professional experience and/or demonstration of progressively increasing management/leadership responsibility.

The requirements for a CISSP or a CISM are more stringent. When I look at the courses, some are only a matter of a day or two:


Leadership – January 24, 25, 26, 2011

E-commerce and E-government – February 14, 15, 16, 2011

Process and Performance Management -March 14, 15, 16, 2011

Enterprise Architecture – April 18, 19, 20, 2011

Strategy and Planning – May 16, 17, 18, 2011

IT Acquisition and Program Management – September 26, 27, 28, 2011

IT Management – October 24, 25, 26, 2011

Information Assurance – November 14, 15, 16, 2011

I think this is a weak statement of our information technology leadership requirements. We should build our information systems as if we build a house. The CIO as the general contractor must understand every facet of the information system. They must be certified in all facets. They should lose their certification for shoddy workmanship. You don’t build a house with a risk-based approach so why would anyone think we can build an information system based upon risk.

It is time the information technology industry force march those aspiring to be a CIO to meet minimum time in grade and time in service requirements coupled with a series of certifications and a career of proven accomplishments. Time to start building information systems as if we were building a house.