SC Magazine’s CISSP! Who Cares? article says that security certifications are not as valuable as they used to be because they are rather commonplace. Too many people going for the same job have the same qualifications. However, that is not my experience, and I disagree with some of the article’s statements.
I earned my CISSP more than 5 years ago. Let’s take a look at a couple companies I’ve worked for and count the CISSPs…
– Fortune 500 company: 3 CISSPs. 2 of 10 people on the security team currently have the CISSP; no one else. At least in that company, the cert isn’t common, even on the security team; overall, one other security team member has 5 technical certs, but no CISSP. If the CISSP was so common, most of the people on the security team would have it, and so would others in network, architecture, and other IT areas. But in this company, it just isn’t so.
– Another Fortune 500 company: 9 CISSPs. 3 in security, 4 in IT, 2 on the business side, with no relation to IT, risk, or security areas. Again, few on the security team, but more across IT and other areas. Still doesn’t sound like the CISSP is real common there.
– Fortune 100 company: 7 CISSPs. 2 in security and the rest in IT. Again, only 2 security team members have the CISSP. Are you seeing my point? If security certs were that common, I think I’d see higher numbers.
Sure, this is only 3 big companies, I counted only CISSP certs, and I’m a little biased. It’s also possible that I missed 2 or 3 CISSPs at each company, but that wouldn’t change my argument much. The SC Magazine article was broader than just the CISSP, but the CISSP was their focus, and there’s more CISSP certs out in the wild than any other security cert. But I’ve laid out what I’ve experienced, so I disagree: I don’t think the CISSP is as common as the article states. And I don’t think it’s value has dropped much.
The article also says that it’s the experience that counts, not the certifications, because certifications do not equal experience. That’s true, but when you’re trying to get hired, your experience may not have a chance to be recognized because your application did not contain those magical certification letters; you may not get in the door.
As I’ve stated before, what’s the downside of certification? Sure, it costs you time and money. But in my experience, it has been worth it. In my next post, I’ll list the top 7 reasons for getting security certifications.
Other Certification-Related Posts: