Back in February, I wrote about a survey by the International Information Systems Security Certification Consortium (ISC)2, the organization that offers certifications including the CISSP, saying that security pros need new skills to deal with the security issues posed by cloud computing and mobile devices. And that was before the recent rash of security breaches.
In that survey, six of 10 respondents said they were looking to add at least one new certification in the next year. At the same time, the report spoke about the "dilution effect" of security certifications - the organization counted more than 40 either vendor-specific or vendor-neutral security certifications available, making it difficult for certification vendors to differentiate themselves.
In a May report, analyst firm Foote Partners ranked IT security certifications No. 4 in certification pay declines for the first three months of the year. So the debate rages on about the value of certifications.
Yet a survey of 1,350 IT security pros conducted by Information Security Leaders, an independent security careers website, finds that these workers believe the certifications are necessary to advance in their careers - regardless of whether that's true, reports Dark Reading.
Among the findings:
The article quotes Mike Murray of Information Security Leaders, saying:
A lot of people believe in the value of certs. That value is because people believe in it.
Security professional recruiter Lee Kushner says he doesn't think these beliefs reflect reality in the job market, though:
"In the world I live in, no one says, 'Hire this person because this person has a certification' or not. They hire the best person" for the job regardless of their certifications.
In May, Foote Partners CEO David Foote wrote:
... if there is a also a certification available and the employer is facing a choice between a worker with demonstrated experience in that skill or a person who is less experienced in that skill but has a certification ... I think employers will choose the experienced person and pay a higher premium for that experience. Ideally, they'd probably like to have both because certification does tend to imply a dedication and commitment.
Information Security Leaders' Kushner and Murray will present the full survey findings at Black Hat on Aug. 4 during their "InfoSec 2011 - A Career Odyssey" workshop on security leadership.