[ISN] What's the point of security certs?

From: InfoSec News <alerts_at_private>
Date: Wed, 8 Apr 2009 01:01:07 -0500 (CDT)
http://fcw.com/blogs/insider/2009/04/fcw-insider-security-certification.aspx

By John S. Monroe 
FCW Insider
April 06, 2009

We have heard from a number of readers who see little value in requiring 
cybersecurity workers to have security-related industry certifications.

They were responding to our report about a Senate bill that would 
require contractors to license and certify anyone providing 
cybersecurity-related services to a federal agency (you can read the 
story here [1]).

Several of these readers are not impressed specifically with Certified 
Information Systems Security Professional (CISSP) certifications. But 
certification, in general, is a bit of a red herring they said, because 
it does not reflect work experience, which is more valuable than test 
experience.

So we can't help but wonder: What is the point of certification? How can 
federal agencies ensure that their cybersecurity staffers, and their 
contractors' staff, have the right skill sets?

Meanwhile, here are excerpts from the comments we've received.

* I've been certified since 2003 and have contact with many "certified"  
  folks who have no experience with actual skills on the job. The cost 
  of getting certified is high for both individuals and companies, yet 
  the government still wants to award to the low bidder. Companies can't 
  afford to spend a lot of money and not get a return on their 
  investment in the people. It is also very difficult to retain trained 
  'professionals' no matter if they are trained while under government 
  sponsorship or by their company. There is a lot of job hopping to 
  increase salaries without remaining long enough to actually 
  learn/perfect skills or truly contribute to the agency's mission.

[1] http://fcw.com/Articles/2009/04/06/news-cybersecurity.aspx

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/
Received on Tue Apr 07 2009 - 23:01:07 PDT

This archive was generated by hypermail 2.2.0 : Tue Apr 07 2009 - 23:11:26 PDT