Over the last twenty to thirty years, professional certifications exploded in an effort to whittle down the edges on those square pegs. The total number of professional certifications across specialties, experience levels, and different certification bodies now numbers over 100. Here are a few guiding thoughts on how both cybersecurity hopefuls and current employers should be thinking about professional certifications.
Diverse Views on Certifications
In cybersecurity, professional certifications can be particularly polarizing. Some practitioners invest heavily in earning certifications, only hire individuals with certifications, and believe in the intrinsic value of those three- or four-letter credentials. While other professionals, often of similar experience levels and backgrounds, view “certs” as an inaccurate or insufficient way of determining an individual’s knowledge and skills.
Nevertheless, like everything in life, cybersecurity certifications value is real… within reason. Unlike other professional pathways like those of lawyers, accountants, and physicians, there is no standardized license or exam providing practitioners with a transactional entry point into a career in cybersecurity. Like a chisel and hammer, though somewhat crude, certs are effective when wielded appropriately. Given the lack of another standard, cybersecurity certifications do serve as some indication of an employee-employer match.
Perhaps more helpful, there is an area where nearly all practitioners seem to agree. Earning professional certifications does show or imply that an applicant takes his or her career seriously, is organized, and is capable of learning (even temporarily) new information. These traits are often positive indicators for a successful employee in some recognizable capacity.