Game of Certs

March 7, 2022

We’ve all seen the profiles on LinkedIn, on resumes, and on a speaker’s title slide. It looks something like this: John McCumber, [CERT], BS, MBA, [CERT], [CERT], [CERT], [CERT], [CERT]. What are we to understand of this person’s qualifications? Should you hire them? Sit upright and pay attention during their lecture? Simply be amazed?

I always thought it charming when the technology community started adopting the European tradition of listing one’s graduate degree(s) on a business card. For much of my earlier career, I had noted European professionals would put an MA/MS/MBA on their business cards. About 10 years ago, I noticed the trend come to North America. Before that time, you rarely, if ever, saw anything other than a terminal degree or a professional certification such as a CPA, JD, MD. Acknowledgment of one’s graduate achievements or vendor qualification was left to the resume or curriculum vitae. But the times have changed dramatically.

Recently, I was handed a business card from a highly accomplished cybersecurity professional. Their name was preceded by the honorific “Dr.” This is a normal recognition of a terminal degree, but the name was also followed by the redundant “Ph.D.” The next set of initials indicated they had passed the criteria for professional certification. Next up were two master’s degrees. Following these were no fewer than eleven (!) certifications: some from professional certifying bodies, others from vendors in recognition of passing an examination testing their knowledge of a specific technology product. They stood looking at me expectantly as I spent an awkward amount of time trying to process the two full lines of acronyms. I eventually looked up and said, “Nice to meet you.”

Another colleague has even more acronyms after their name but takes a slightly different tack. They start with their name followed by the word Global as an adjective that defines a series of three-letter titles or roles they supposedly fill: CIO, CSO, CTO, and then followed by a graduate degree, seven (!) professional certifications, and a closing list of vendor certs. After the same awkward time looking through the alphabet soup, I looked up and said, “You must be very busy.”

To Cert or Not to Cert

All these shiny, new lofty cybersecurity transformational visionaries, international speaking prodigies and multi-board and foundation members are now throwing shade over the now-outdated thought leaders and evangelists of yesteryear. If you aren’t sitting for a certifying exam this month, you are already far behind the in-crowd.

Traditional, formal educational institutions have fallen far behind the cybersecurity industry. Sure, over the last decade, a slew of graduate programs for cybersecurity, information assurance, and related disciplines have sprouted up like mushrooms in cow patties after the rain. They are all challenged by the fact there isn’t a universally acknowledged common body of knowledge for these jobs, let alone as an academic discipline.

Certification bodies have jumped into the breach to offer knowledge and experience tokens that bridge industry, government, and academia. However, there is often confusion over the value the proffered tokens provide. Professional certification is different from a vendor’s technology certificate. A master’s degree is normally not positioned as a technical or professional certification of skills achievement. More is not necessarily better. Some certifying bodies are now positioning entry-level certifications that will somehow test a person’s knowledge to even step on the path toward a career.  How they assess those qualities while charging for the service has yet to be proven.

I truly hope we have already reached the apex of this trend. In order to break through the noise, it seems we have created a monster. Instead of building a common body of knowledge, we have created competing camps in academia, industry, and professional bodies who all want to be the handsomely paid arbiter of what qualifies people for jobs. And if you thought all this is a bit mad, the UK government just announced they want to become a cybersecurity certifying body. I guess we will have many more years of the ever-growing list of certs. Better sign up today!

About the author: John McCumber is a security and risk professional, and author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. He has been a security columnist for STE for almost two decades.  If you have a comment or question for him, e-mail [email protected].