Whether Lean Six Sigma (LSS), Project Management Professional (PMP®), IT Infrastructure Library (ITIL®), the EC-council’s Certified Chief Information Security Officer (CCISO), or Certified Information Systems Security Professional (CISSP) (the list goes on), the real value of professional certifications comprises multiple perspectives. This brief article highlights the immediate impact, return on investment (ROI), and competitive edge as value-added considerations for seeking professional certifications in cybersecurity.
By Dr. Charlotte M. Farmer, Independent Director
Rapid Impact
Faced with rapid changes in technology and evolving cyberthreats, leaders quickly find themselves overwhelmed by knowledge and capability gaps. For example, organizations are encountering a significant change in processes and protocols to operate and secure the enterprise effectively. Realizing that the skills needed to execute are becoming radically different, leaders are compelled to reset or upskill the workforce. With the heightened emphasis on mobility, organizations seek application skills that enable the development and management of various cloud services. Organizations and their service providers are upskilling employees through acquisitions, training, retraining, or talent acquisition mechanisms.
Given that certifications deliver targeted guidance in a timely fashion, leaders look to certifications as a rapid approach to keep skills fresh and relevant whenever, wherever needed. Pursuing a degree program is not always a practical option. In some cases (e.g., cybersecurity, AI, data analytics, etc.), textbooks are outdated by the time they are published. Certifications have rapidly become a stop-gap solution to help keep pace with technology acceleration.
Also see: EC-Council Launches a Specialized Web Application Hacking and Security Certification
Return On Investment
With the rapidly changing demand for new solutions, (e.g., AWS Certified Solutions Architect – Professional, Certified Cloud Security Professional [CCSP], Certified Data Privacy Solutions Engineer [CDPSE], etc.), some organizations may not understand the available capabilities or how to employ them. This cripples leaders as they strive to actualize strategies. Playing the long-game: Once the strategic direction is established, a 2–3-year Information Technology (IT) roadmap should be established to identify: 1) business needs, challenges, and aspirations, 2) functional capabilities needed to tackle challenges and achieve aspirational goals, 3) the talent needed to perform capabilities, and the 4) professional development needed for the workforce.
In situations where individuals are faced with trade-off decisions between pursuing a certification or degree, it can be helpful to establish decision criteria that will be used to measure ROI. Criteria could include (but is not limited to):
- salary impact
- urgency (needed to address the emerging threat or enable business transformation)
- intent (professional positioning/growth or intellectual fulfillment)
- organizational risk (ensure sustainability, drive compliance, etc.)
With personal, professional, and corporate ROI in mind, this author is adding CISSP to her portfolio of certifications along with free online courses by Harvard, MIT, Berkeley, and more (via EDx). EDx offers access to 2,000 free online courses from 140 leading institutions worldwide.
Professional Certifications for the Competitive Edge
In this “micro-wave” economy, lifelong learners may turn to certifications to stay sharp in their area of expertise while banking on rapid ROI. In this environment, certifications appear to offer a high-value, fast-paced means to enhance skills. CAUTION: Certifications are not panaceas and should not
be treated as such. Depending on the circumstances, certifications may not substitute for formal education or experience. Appropriate certifications should be included as part of a holistic professional development plan that includes a proportionate amount of:
1) learning on the job through hands-on stretch assignments
2) learning via engagement with subject matter experts using an apprentice model, and
3) formal training in relevant classes/degree programs, seminars, and workshops.
Keep in mind that professional development plans should align with the individual’s learning style, environmental drivers (e.g., industry, technology, processes, etc.), and strategic direction of the organization. Most importantly, individuals should co-create a development plan with their management team to determine the most appropriate certification and optimal balance of work, mentorship, and training.
Conclusion
Arguably, professional certifications offer a value-added approach to rapidly skill-up the workforce. While certifications help enhance skills and experience, they should be included in a holistic professional development plan that includes a proportionate amount of learning on-the-job, engagement as an apprentice, and formal training. Many venues are offering free courses to help gain new skills and earn a certificate of completion. Pick one and join today.
About the Author
Dr. Charlotte Farmer is an experienced Director and Board Member with proven value creation across blue chip companies and top-tier general management consulting firms. Over the last 25 years, she has served as Board Chair, Committee Chair, or Board Advisor to 16 non-governmental organization (NGO) boards. Currently, she serves as Board Chair of a tech start-up and advisor to a private equity company in The Carlyle Group portfolio. Her board expertise includes strategy, governance, and turnaround with proven results building high-performing, growth organizations. Her leadership roles in high-tech manufacturing, global operations, finance, and digital transformation would also be an asset to companies eager to expand their footprint or companies in need of turnaround guidance.
Dr. Farmer is also on the CISO MAG Editorial Advisory Board.
Disclaimer
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.