FCW Insider

Blog archive

FCW Insider: In defense of security certifications

As noted in a blog post yesterday, some FCW readers are skeptical about the value of security certifications.

A bill recently introduced in the Senate would require contractors to license and certify anyone providing cybersecurity-related services to a federal agency. The skeptics believe that Certified Information Systems Security Professional (CISSP) and other certifications are misleading, because they do not reflect an employee's work experience (read the article and all its comments here).

Several more readers echoed those sentiments after reading yesterday's blog post. However, I want to highlight one comment that offers a different perspective:

It's pretty easy to rant about qualification and whether the CISSP (target of opportunity) is worth while; simply put, you can have all the quals and certs plus the 5 years experience currently required for CISSP or another cert (SANS too) but if you're not working in a team environment with other subject matter experts, you're bound to miss something. Certs, quals and experience do not prevent mistakes but at least they've studied and documented their experience. The government is doing what government does: establishing a baseline...a standard. Are there better measures? Possibly, but we (IA professionals) have to start somewhere.

Posted by John Stein Monroe on Apr 07, 2009 at 12:14 PM


Featured

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected