Martin McKeay

Security Matters

Certification is about clearing the hurdles, not proving knowledge

I'm a CISSP, I used to be a CCNA, and soon I'll have the GIAC-GSNA (System and Network Auditor) certification. In each case, I learned a lot in the process of becoming certified: the CCNA filled in some lower-level networking knowledge gaps, the CISSP broadened my knowledge of security and forced me to learn about encryption, and the GSNA is giving me a better understanding of the role of auditing in security. As trite as it might sound, I believe you get as much out of any certification process as you put in.

That being said, there are a lot of certificates out there that don't take much effort to get, and they are worth exactly the effort you expended to get them: not much. Which is why some members of the certification industry are pushing for standardization; they want to know that each certification program meets minimum requirements and that everyone is testing in the same way. The theory is that by standardizing the testing process, all certifications would become worth more. I'm more concerned that it would make it easier for 'cram session' companies to standardize their own training, which is one of the main things the testing companies are trying to avoid. Cramming to pass a test rather than learning and understanding the subject matter lowers the value of the certificate for everyone.

The reality is, anyone who's been in IT for any length of time has horror stories about 'professionals' who are certified from here to Sunday but can't really do the work when it comes to real life. We all know that certificates don't mean you know how to do anything; they mean you've invested the time and effort in your career to get the certificate, nothing more. Hopefully you've learned something along the way, but certificates are more a way to get past the HR department and some of the basic questions than they are a way of actually proving your knowledge. They're designed to get you to the interview, not to let you skip the tough questions that should be asked in the interview.

I don't think certificates are useless, but too many people have the wrong expectations of their usefulness, especially entry-level certs. If you use certifications as a gauge of the effort a professional has put into their career advancement, you'll find them useful. But if you're trying to use them as a benchmark of knowledge, expect the lowest common denominator necessary to pass the test. To paraphrase an old joke, what do they call a CISSP who barely passed his test? A CISSP.

What People Are Saying

I am deeply interested in

I am deeply interested in reading about coping techniques and reemployment methodology. The cheap shots demean the writer. Training for the CISSP was engrossing, demanding, and illuminating. A very good learning experience. I returned to the job with eyes that saw more and with a healthy skepticism. I learn something every day. What do you call a physician who barely passed his boards? Doctor. Get real, get serious, Martin, or get lost.

Exactly what I have been

Exactly what I have been telling people wanting to get into the IT industry for years.

A certification is valuable only in that it gets you past the guy in the HR department. When a stack of resumes gets to a company, the HR department rep (who knows nothing of the technology) has to "filter" them. A cert is one thing, along with the same buzzwords as in the announcement, that gets you past the HR department and into the IT department. Once you and your resume are there, you can prove what you know and what you can do.

Pat, You're right, I

Pat,

You're right, I probably should have mentioned the experience requirements of the CISSP certification, as opposed to most of the certs that only require the student to pass a test.

I'll be blunt and say that I was disappointed with the last study I saw completed on behalf of the (ISC)2 (http://www.computerworld.com/blogs/node/1824). Most of the conclusions drawn in the paper were so obvious that the value of the study was heavily questioned by the audience at RSA. I hope this study turns out to be much more useful.

Martin McKeay
martin_cw@mckeay.net
http://www.mckeay.net/
Voicemail: 916.231.9479

Martin, as you know,

Martin, as you know, attaining the CISSP credential involves more than passing the examination. To become a CISSP, a candidate must go through a rigorous process, so rigorous that the American National Standards Institute (ANSI) has certified the CISSP under ANSI/ISO/IEC Standard 17024. A CISSP must have four years of direct, full-time work experience in one or more of the 10 domains of the (ISC)2 CBK or three years with a college degree. After proving work experience, the candidate must pass a six-hour exam, be endorsed by a CISSP in good standing, abide by the Code of Ethics and obtain verified continuing professional education credits to maintain certification. Each candidate application is audited to ensure it meets all certification requirements. If certification holders fail to abide by these requirements, they are forever barred from certification.

By the way, the 2006 Global Information Security Workforce Study, conducted by IDC on behalf of (ISC)2, has just been completed, and contains some findings on the profession and certification that we think would be of interest to you. Please let me know if you would like to get a copy of the study, under embargo until Oct. 25, 2006.

The same can be said about

The same can be said about the paper chase for degrees. The bottom line is, it's a starting point, not an end game. The proof is in the amount of experience you get after you graduate from school or pass your certification. I've seen those who have post-graduate degrees look down their nose at those who don't when everyone is looking, and then pump that same person for information when no one is looking. Then they turn around and brag about how much they know. A degree is also a tool to get you past the HR person without too many questions being asked.

Testing and Certification of

Testing and Certification of stringent industry fundamentals allows an individual to identify if she/he has what it takes to become a professional in the IS/IT industry.

A professional is somebody who exhibits theoretical and experiential knowledge at the Expert/Mastery Level and abides by a strong code of ethics.

That is, somebody who has mastered the domain knowledge, is flexible, adaptable and supports sound ethical practices.

Credentials such as Doctor, Engineer and Accountant provide oversight bodies to protect the public from poor practitioners and also to ensure that the practice improves over time.

The ICCP and its constituent societies do the same. The IT industry is maturing into a profession with organizations such as the Association for Computing Machinery (ACM.org); the Association of IT Professionals (AITP.org); the Association for Women in Computing (awc-hq.org); the Canadian Information Processing Society (CIPS.ca); DAMA International (DAMA.org); the Independent Computer Consultants Association (ICCA.org) and the Data Warehousing Institute (TDWI.org).

All of these organizations and many more overseas are leading the way to build a sound, evolving body of knowledge and tests that evaluate the competency of professionals working in this huge, diverse and rapidly changing industry.

The Institute for Certification of Computing Professionals (ICCP.org) provides a central repository of the body of knowledge, examinations and credentials used by leading organizations around the world: these include Infosys, IBM, Microsoft, HP, State Farm, Axia, Iflex, Tata, Oracle, R.L. Polk, CapGemini and thousands of municipal, state, military and federal employees.

The GAP analysis: the gap between expert skills and practitioner knowledge is easily assessed through thousands of test items in ICCP test banks (an asset worth over US$7 million), and is increasingly being used by HR departments in companies to identify and promote their leading professionals.

This GAP analysis provides an objective, rational and defendable model for creating and building an employee's professional development plan. The normalized testing provides equitable treatment, not driven by profits, but the desire to build and maintain evolving standards aligned with the job definitions from the US Department of Labor.

Why risk any number of quickly dated vendor credentials when individuals can be tested with a life-long employee development program?

The "Silver Bullet" concept was to provide quick short-term hits during very short management life spans, but it didn't look into the long-term needs of the organization. Many CIOs were hired through the 80s and 90s who had 2- and 3-year life spans at the helm of their organization. This concept continues to shrivel as companies engage and encourage their IT organizations to become more robust in their use of IT to build company value, and it is aided strongly by improving technology practices and validated by credentials such as the Certified Business Intelligence Professional, the Certified Data Management Professional, the Certified Computing Professional and the Certified Information Systems Analyst.

The smart companies are investing more heavily with organizations and methods that have stood the test of time and are supported by the core foundation groups of the IT industry.

Don't go for the hype, go for the quality and long term success. Prove to yourself and your peers that you have what it takes to rise to the top of your profession.