Over the years there has been a lot of ink spilled, keys clicked and blood shed over the morass of information security-related professional certifications that have popped up across the landscape like proverbial weeds in the garden.
It is like the story of Goldilocks and the porridge: "This one's too technical", "that one's not technical enough", "ah, this one's just right". And some would argue that holders of certain "gold-standard" certifications are not necessarily security-savvy. The rhetoric goes on and on.
From my perspective, certifications are analogous to a college degree. There are incredibly smart and capable people that do and do not have degrees. There are no guarantees when it comes to a person’s knowledge, experience, and capabilities.
However, if one does have a college degree, it reflects that the individual made some commitment to study and earn it. And depending on the quality of the school and program, one would expect that some standard of study was attained as part of the chosen course.
Likewise, pursuing professional certifications reflects one’s commitment to earning the certification, adhering to some standard or body of knowledge that is the foundation for the certification, and typically maintaining the certification by renewal/retesting or continuing education requirements.
This leads me to EC Council’s new C|CISO – Certified Chief Information Security Officer certification. I have been following EC Council’s C|EH – Certified Ethical Hacker certification since its inception.