Wednesday, February 19, 2020

Security qualifications, are they worth it?

There are a vast number of third-party institutions that provide professional certifications.  The two I often see asked for on job specifications are CISM and CISSP from ISACA and ISC2 respectively.

Trends in security qualifications vary on a year-by-year basis, but these two have been consistently in the top ten.  For those interested in a typical top ten list, take a look at this article from Forbes.

This is a big industry with institution members having to commit considerable time, effort and finance to earn and maintain these qualifications.

The positives

There are some clear positives:

  • Development - they require you to study to pass them and to maintain them through ongoing professional development;
  • Job hunting - they provide potential recruiters with assurance over your level of understanding / knowledge;
  • Job applications - they increase your chances of reaching the initial shortlist;
  • Earnings - they make it easier to move between roles and negotiate a higher salary. 

The not so positives

The positives need to be balanced with the not so positives:

  • Membership cost - if you’ve got certifications they can get expensive to maintain;
  • Continuing Professional Education (CPE) Credits - there is considerable overhead in maintaining your CPEs;
  • US focus - many of the institutions charge fees in dollars making them subject to currency fluctuations;
  • Exams - these are expensive, long and often difficult to pass.


Not a replacement for experience

Qualifications provide a level of assurance over your ability, but expertise relies on experience.  Senior positions typically require a combination of qualifications and experience.  In these positions, companies expect candidates to hit the ground running.

For the more junior positions there is an expectation that candidates will require more support in mentoring and development to reach the required experience level.   At a junior level, qualifications can be a real differentiator when applying for positions.

Given the shortage of skilled people in the industry there is a wider recognition that new staff will require investment to develop.

Continuous development

The security landscape is changing at a rapid pace.  Even if you don’t go down the qualification route you need to have a desire to challenge yourself and develop.  There are plenty of resources that you can make use of including webinars, conferences, online study and local groups.  Many of these are available at no cost.

How many qualifications should you have?

This is a difficult question and one I have personally struggled with an answer for.  I’ve currently got four professional security qualifications and am working on my fifth.  From conversations with my peers the answer relates more to the role that you are in.  For an Information Security Manager / Officer career path having either CISM / CISSP or both can be a real positive.

I’m personally intending to achieve a further two qualifications in the next few years (CRISC & CISSP).  That will take me up to four qualifications I have to maintain memberships for.  Given how costly this can be it will be hard to justify the expenditure beyond that.

I’ve worked with a variety of different people within the industry.  The majority (but not all) have one or more qualifications. 

It’s worth noting that some people choose to let them lapse.  Perhaps in these instances they were an enabler whilst the individuals didn’t have the required experience, and a cost thereafter.

Can you have too many qualifications? 

This is an interesting point and not something I’d thought much about until recently.  After reviewing a candidate’s CV I was surprised by the number of qualifications and active memberships they were maintaining.  The CV in question showed that the individual had around 3 years’ experience and was averaging three major qualifications per year.  So, early on in their career, they were already paying out for several memberships and 9 qualifications.

Roles in security can be highly demanding and trying to balance development, work and personal life can be a challenge.  Over the last few years I’ve been trying to achieve one qualification per year.  I’m not convinced there is sufficient benefit to the individual to pay the cost required to maintain so many memberships and qualifications.

Final thoughts

From personal experience my qualifications have opened up opportunities and helped me get onto the initial shortlist for positions.  This has at least given me the opportunity to impress future employers in person.  They are not a replacement for experience but can certainly become an enabler when accompanied by it.

It’s important to note that not all qualifications are equal.  Have a look at the job specifications you’re most interested in and choose qualifications that are going to enable you to progress within them.  Consider the value they will give you to make sure you can justify the time, money and effort it will take to achieve and maintain them.

These are my personal views.  I’d be keen to hear your thoughts.
