FCW Insider: In defense of security certifications

One reader offers a dissenting view on the value of requiring security professionals to achieve industry-standard certification.

As noted in a blog post yesterday, some FCW readers are skeptical about the value of security certifications.

A bill recently introduced in the Senate would require contractors to license and certify anyone providing cybersecurity-related services to a federal agency. The skeptics believe that Certified Information Systems Security Professional (CISSP) and other certifications are misleading, because they do not reflect an employee's work experience (read the article and all its comments here).

Several more readers echoed those sentiments after reading yesterday's blog post. However, I want to highlight one comment that offers a different perspective:

It's pretty easy to rant about qualification and whether the CISSP (target of opportunity) is worthwhile; simply put, you can have all the quals and certs plus the 5 years' experience currently required for CISSP or another cert (SANS too) but if you're not working in a team environment with other subject matter experts, you're bound to miss something. Certs, quals and experience do not prevent mistakes but at least they've studied and documented their experience. The government is doing what government does: establishing a baseline...a standard. Are there better measures? Possibly, but we (IA professionals) have to start somewhere.