Here’s my top 7 reasons for getting a security certification:
- It opens the hiring door. Or more simply stated, employers are looking for them. More and more, if you’re not certified, your resume won’t get past Human Resources. When they scan your application and resume, you’ll end up in the digital delete bucket if the screening software doesn’t see those special letters (CISSP, GIAC, CISA, CCSP, CISM, etc.).
- You can command a higher salary. This happens more frequently when you already have a cert and you’re getting hired. However, I earned my CISSP after I was hired, and when I later completed a critical project on time, my new certification made it easier for my boss to convince the VP that I deserved the $5K raise on the spot.
- It opens the promotion door. Earning a certification shows initiative and the desire to better yourself and grow. Even if your employer pays for the training and the exam, you still have to do all the work and put your neck on the line, pass or fail. Just make sure you pass so you look like a winner. Employers promote winners. (And if you don’t get promoted within a reasonable amount of time, you’re still more valuable to the next employer–so where’s the downside?)
- Certifications say that you’ve spent the time to learn the basics (or prove that you know the basics), and you will only get better. While some certs are more basic and some more technical, no certification is going to make you an expert; a cert just means you’re armed and dangerous and that you can add real value to the business if you can keep a level and humble head. Certs are a foundation that you can continue to build upon.
- Your peers and strangers will give you more respect. However, after you open your mouth, you’re on your own; you either solidify that respect or degrade it, but what else is new? You’ve raised the bar of what others expect out of you, and that keeps you on your toes. Just make sure to keep your toenails clipped.
- Certs force you to continue to learn. All certs require Continuing Professional Education (CPE) credits to keep them current. It keeps you growing and thinking, and that means you’re hopefully not going to be stuck in a particular rut (like “no smartphones or iPads on my network!”) or go stale.
- You are held to a code of ethics. This code can keep you out of trouble and help steer your decisions or approach to solving problems. Several times I’ve decided not to use a certain methodology because it violated one of the codes I adhere to. Codes also uphold the professionalism of the field you’re in and the professionalism and value of the certification itself. In addition, codes can give you a way out when management comes to you with some crazy idea or wants you to look the other way this once.
Getting a security certification is even more valuable when you don’t work on the security team, like an auditor or IT specialist. Such a cert will give you a sharp edge on others in your immediate field (especially if you already have a cert in your field in addition to the security cert). One Fortune 500 manager told me my CISSP cert was the deciding factor in hiring me as an auditor. At another large company, I was the only CISSP on the audit team, which had more than 20 auditors.One additional thought:
The next time someone tells you that certifications aren’t necessary, are becoming too common, or that experience is the real differentiator, ask them what certifications they have. Usually the nay-sayers have none, which means they have little authority for their opinion. If they do have any, ask them why they wasted their time getting them. Either way, it should be an interesting discussion.
Related Certification Posts: