FCW Insider

Blog archive

FCW Insider: What's the point of security certs?

We have heard from a number of readers who see little value in requiring cybersecurity workers to have security-related industry certifications.

They were responding to our report about a Senate bill that would require contractors to license and certify anyone providing cybersecurity-related services to a federal agency (you can read the story here).

Several of these readers are not impressed specifically with Certified Information Systems Security Professional (CISSP) certifications. But certification, in general, is a bit of a red herring they said, because it does not reflect work experience, which is more valuable than test experience.

So we can't help but wonder: What is the point of certification? How can federal agencies ensure that their cybersecurity staffers, and their contractors' staff, have the right skill sets?

Meanwhile, here are excerpts from the comments we've received.

* I've been certified since 2003 and have contact with many "certified" folks who have no experience with actual skills on the job. The cost of getting certified is high for both individuals and companies, yet the government still wants to award to the low bidder. Companies can't afford to spend a lot of money and not get a return on their investment in the people. It is also very difficult to retain trained 'professionals' no matter if they are trained while under government sponsorship or by their company. There is a lot of job hopping to increase salaries without remaining long enough to actually learn/perfect skills or truly contribute to the agency's mission.

* If they are going to have certifications, then it should be a mix of the software vendors' certs, i.e. Microsoft, Cisco, Vmware, and then maybe a security cert. It's clear the government doesn't understand technology best practices. Which is why, military included, we get hacked by countries like China, N. Korea etc.

* Not another one. I have three masters, MIS,FWU, ISS- EMU, Nation Security, Navy War College, PMP-GW, Boot Camp, ISC2, 25 years of IT/ISS experience...yet not qualified. It is all about the $$$$$. This is a monopoly and employees should protest about this. I have fired more CISSPs. Passing a test means nothing. Before you know it, you won't need degrees, just paper certification.

* This sounds like the DOD Information Assurance initiative, which is nothing more than a memorization effort in order to pass a test that on average has little to do with what a person does on a daily basis. Vendors selling these classes are getting rich and taxpayers don't see any measurable benefit to it. It just looks good on a resume to have these certifications. Doesn't make anyone smarter if they do not have experience to begin with.

* Great. Another worthless paper certification. And I include CISSP in that. Took me 45 minutes to parse the exam questions for the correct answers to pass that test then ISC2 wanted "maintenance" fees throughout the 3 year certification period. Those fees were not disclosed when I got the CISSP cert. Now I have to pay the "overdue" fees to re-certify since the 3 years ended. WTF? ISC2 is just about the money and they are going to exploit this one for all it's worth.

Posted by John Stein Monroe on Apr 06, 2009 at 12:14 PM


Featured

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.