Security Pros Seek More Training

Susan Hall

I just wrote about a survey from the International Information Systems Security Certification Consortium (ISC)2, the organization that offers certifications including the CISSP, saying that security pros need new skills to deal with the security issues posed by cloud computing and mobile devices. That organization, of course, has a vested interest in the outcome of the poll, but it hired consultants Frost & Sullivan to conduct the global survey of more than 10,000 security professionals.


Though the debate continues over the value of certifications, among the interesting points in the survey results: Six of 10 respondents said they're looking to add at least one new certification in the next year. That suggests that these security pros recognize that they need more training and are looking for guidance to help them deal with their companies' issues.


As for the instruction they sought, first in their minds was training in information risk management, and applications and systems development security. The report says:

Many organizations have come to the realization that their own internally created software suffers from the same security risks as those coming from a vendor.

I'm no security expert, but that seems obvious, doesn't it?


The report also delves into what it calls the "dilution effect" of security certifications: it counted more than 40 either vendor-specific or vendor-neutral security certifications available, making it difficult for certification vendors to differentiate themselves. I've written about research firm Foote Partners' finding that the noncertified skills might boost your salary more than a certification and suggested that certifications are just a foot in the door, what it takes to get past the gatekeepers in HR. Fellow blogger Sue Marquette Poremba has noted that new job candidates seem to have a tough time getting a foot in the door because they lack experience.


According to the (ISC)2 report:

The concern is that the certifications considered of high value today may be perceived to be devalued and, consequently, less significant to information security professionals and, more importantly, their employers. Frost & Sullivan believes that many vendors are addressing the current skills gap [by] increasing the complexity and continuing education requirements of their certifications.

Interestingly enough, of the respondents who are involved in hiring, 90 percent ranked security certifications somewhat or very important. The survey also asked why. While common responses tend to be employee competence, quality of work and company policy, other reasons are emerging including regulatory requirements, company image or reputation and customer requirement. In fact, the survey found that security pros worldwide are spending more time addressing the security concerns of their customers.


In this piece, (ISC)2 Executive Director Hord Tipton asserts that the CISSP continues to be popular and that only 1 percent of those who do not renew say they're doing so because they feel the certification has been devalued. He says the board continues to update the CISSP to address technologies such as virtualization and cloud computing.


But it quotes him saying:

Due to the popularity of the CISSP, don't expect it to do everything. We're finally getting through to human resource directors and hiring officials that they really need to look under the hood when hiring for specialized positions.
