Security Certs' Value Largely a Perception?

Susan Hall

Back in February, I wrote about a survey by the International Information Systems Security Certification Consortium (ISC)2, the organization that offers certifications including the CISSP, saying that security pros need new skills to deal with the security issues posed by cloud computing and mobile devices. And that was before the recent rash of security breaches.


In that survey, six of 10 respondents said they were looking to add at least one new certification in the next year. At the same time, the report spoke about the "dilution effect" of security certifications - the organization counted more than 40 either vendor-specific or vendor-neutral security certifications available, making it difficult for certification vendors to differentiate themselves.


In a May report, analyst firm Foote Partners ranked IT security certifications No. 4 in certification pay declines for the first three months of the year. So the debate rages on about the value of certifications.


Yet a survey of 1,350 IT security pros conducted by Information Security Leaders, an independent security careers website, finds that these workers believe the certifications are necessary to advance in their careers - regardless of whether that's true, reports Dark Reading.


Among the findings:


  • 54 percent said they were promoted or got a job because they held at least one security certification.
  • 75 percent currently or previously held a security certification.
  • About 40 percent "somewhat agree" that peer pressure led them to seek the certification so they would not be passed over for promotions or jobs, while 15.4 percent "strongly agree."
  • 80 percent said the time and money spent attaining certification was "a good use" of their resources, while nearly 9 percent said it was not.
  • Most said that if they were doing the hiring, they would require candidates to hold at least one security certification. Sixteen percent said they would not interview any candidate without a certification.


The article quotes Mike Murray of Information Security Leaders, saying:

A lot of people believe in the value of certs. That value is because people believe in it.

Security professional recruiter Lee Kushner says he doesn't think these beliefs reflect reality in the job market, though:

"In the world I live in, no one says, 'Hire this person because this person has a certification' or not. They hire the best person" for the job regardless of their certifications.

In May, Foote Partners CEO David Foote wrote:

... if there is a also a certification available and the employer is facing a choice between a worker with demonstrated experience in that skill or a person who is less experienced in that skill but has a certification ... I think employers will choose the experienced person and pay a higher premium for that experience. Ideally, they'd probably like to have both because certification does tend to imply a dedication and commitment.

Information Security Leaders' Kushner and Murray will present the full survey findings at Black Hat on Aug. 4 during their "InfoSec 2011 - A Career Odyssey" workshop on security leadership.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.