For most people, the events of September 11 elevated the importance of security. Many security professional associations assessed themselves in a new light, and new organizations sprung up dedicated to addressing one or another security function.
Four years later, it is worth looking at the current roster of security association certifications. CSOs and others with responsibility for both physical and IT security will need to know a little about the certifications in both disciplines.
Certification can play many roles in your career as a security manager.
- It provides direct benefit from the educational programs and certification training.
- Employers or clients may give you more consideration for your demonstration of advanced knowledge through certification.
- You gain expanded knowledge and a bigger contacts pool through your colleagues in certification.
- It helps you identify employees and service providers with the skill sets you require.
Certification reflects a set of professional standards that have to be met, which include the demonstration of a certain level of expertise or competence. Thus security certifications commonly involve both an experience and an educational component. Some certifications require sponsorship or endorsement of the applicant by one or more association members. Certifications usually require periodic renewal involving continuing education, so it is prudent to check an association's current membership list to verify that an asserted certification standing is current.
Technology and Certifications
Some security certifications are technology focused, while others are more general or pertain to security management issues. Security is a business function, and the business security requirements are primary drivers for the deployment of security technology. This means that practitioners in security management positions must have some understanding of the uses and limitations of technology. Conversely, those who specify, design, provide, operate and maintain security systems must have some understanding of the role the technology plays in the overall security scheme, in support of management's security strategies, policies and procedures. There are significant bodies of knowledge at each level (managerial and technological).
Being a Professional
The most common comment from practitioners who attend certification preparation classes or embark on a personal course of study is, "I should have done this a long time ago."
A professional knows what he knows, and also knows what he doesn't know. Achieving the latter is the greater challenge, but it can be answered by obtaining a good understanding of the spectrum of knowledge that exists in one's profession; that's something that security management and high-level certifications provide. The advantage of having such knowledge is that one is never at a loss, but instead knows that someone else knows the answer and can reach out for the required knowledge when needed.
Most certification programs provide a list of books and reference materials and offer study guides. Some associations offer certification test preparation classes, and some private organizations offer comprehensive training for certifications in the IT domain. Professional education is often an evolutionary process, beginning with specialization in a limited area and progressing to a more general command of the field, enabling one to assume larger and more complex responsibilities. Thus a common and workable path is to become certified first in the area closest to one's current or intended area of specialization, and then to proceed with additional education as best fits one's job requirements or personal interests.