Security Profession blog
Comment and discussion about the security industry of interest to the security professional. Blogs will be submitted by (ISC)2's management team and Advisory Board members.
Tuesday 5 May 2009, 4:07 PM
Invest now – payback later
I was in san Francisco last month for the 20th Anniversary celebration of (ISC)2’s formation. While there I was fortunate enough to have dinner in one of the city’s many excellent Chinese restaurants. At the end of the meal the proprietor gave each of us a Chinese fortune cookie. We all broke open our cookies and read the saying inside (actually we played a game which I better not go into here). The saying I had in mine was “Your investment in time now will lead to success later”.
It got me thinking about what a great saying it was. No matter what we do, we generally do it better by investing time into it before hand. This applies as much to information security as it does to any other profession. This is particularly relevant when discussing the value of security qualifications and certificates. Many of the arguments hotly debated focus on what the certificate covers and how good the examination process is. It ignores the fact that one of the main values associated with security qualifications is that they show that the individual has made an investment in time to study for and take a qualification.
This process does not stop there. Most of the leading information security qualifications require that individuals continue to invest time in continuing professional development and education. This is one of the most important aspects of professional qualifications. If a qualification does not require you to commit to making sure you keep abreast of new developments in your field then it probably isn’t worth having. We see this approach in many aspects of professional life. Airline pilots have to be regularly assessed and have to be “rated” for whatever type of aircraft they are flying. First Aid certificates have an expiry date on them (usually three years). Both the medical and legal professions demand continuing professional development.
In the current climate where recruiting the right individuals and, if you are looking for a new position, convincing a prospective employer of your value, the investment individuals have made of their time in obtaining and maintaining a security qualification is critical. When I was sitting on the recruiter’s side of the desk I would always ask a candidate what qualifications they had and why they had chosen specific ones. What criteria did they use in selection? How were those decisions made? Those that did not have any qualifications were not necessarily eliminated but were asked why they hadn’t got any. This was not to be critical of them but to find out how they had invested time in their careers.
So to quote an old Chinese proverb “Your investment in time now will lead to success later”.
John Colley, CISSP, Managing Director, (ISC)2 EMEA
It got me thinking about what a great saying it was. No matter what we do, we generally do it better by investing time into it before hand. This applies as much to information security as it does to any other profession. This is particularly relevant when discussing the value of security qualifications and certificates. Many of the arguments hotly debated focus on what the certificate covers and how good the examination process is. It ignores the fact that one of the main values associated with security qualifications is that they show that the individual has made an investment in time to study for and take a qualification.
This process does not stop there. Most of the leading information security qualifications require that individuals continue to invest time in continuing professional development and education. This is one of the most important aspects of professional qualifications. If a qualification does not require you to commit to making sure you keep abreast of new developments in your field then it probably isn’t worth having. We see this approach in many aspects of professional life. Airline pilots have to be regularly assessed and have to be “rated” for whatever type of aircraft they are flying. First Aid certificates have an expiry date on them (usually three years). Both the medical and legal professions demand continuing professional development.
In the current climate where recruiting the right individuals and, if you are looking for a new position, convincing a prospective employer of your value, the investment individuals have made of their time in obtaining and maintaining a security qualification is critical. When I was sitting on the recruiter’s side of the desk I would always ask a candidate what qualifications they had and why they had chosen specific ones. What criteria did they use in selection? How were those decisions made? Those that did not have any qualifications were not necessarily eliminated but were asked why they hadn’t got any. This was not to be critical of them but to find out how they had invested time in their careers.
So to quote an old Chinese proverb “Your investment in time now will lead to success later”.
John Colley, CISSP, Managing Director, (ISC)2 EMEA
