IA certifications improve hiring, promotion, salaries
It pays to get cybersecurity certification; security skills accounted for 17 percent of base pay in the fourth quarter of 2007, and pay for network security management skills increased by more than 27 percent in 2007; going forward, IT professionals will need to be able to incorporate their security savvy into network, wireless, application, operating system, and other IT areas to best compete
The economic doldrums that struck the United States and the rest of the world in 2008 and 2009 are not over yet, although the New Year brings hope of recovery. M. E. Kabay, who specializes in security and operations management consulting services and teaching, writes in NetworkWorld that recently a young reader just completing his Certified Ethical Hacker (CEH) certification asked him whether information assurance (IA) certifications matter in getting a job, and if so, which certifications are best.
In Computer Security Handbook (Fifth Edition, Wiley, 2009), the authors, Christopher Christian, M. E. Kabay, Kevin Henry, and Sondra Schneider, write (chap. 74, “Professional Certification and Training in Information Assurance”):
Sometimes students, professionals and marketers use the terms “certificate” and “certification” interchangeably. In addition, academics and professionals sometimes differ in their interpretation of “accreditation.”
- A certificate is a “document providing official evidence: an official document that gives proof and details of something such as personal status, educational achievements, ownership, or authenticity.”
- Certification, in this context, is the process (thus, a verb) of examining the work experience, knowledge and trustworthiness of a candidate for a particular certificate; confusingly, the certificate granted for qualified applicants is often referred to as a particular certification (and thus, a noun).
- “Accreditation” refers to the process of “officially recogniz[ing]” a person or organization as having met a standard or criterion. In information assurance, accreditation is carried out by official, industry- and government-recognized bodies.
In a later section of the chapter, the authors write,
Certification differs from a certificate program, which is usually an educational offering that confers a document at the program’s conclusion.
Accreditation of a certification involves a voluntary, self-regulatory process established by defined organizations and using published standards. Accreditation is granted when stated quality criteria are met.
By submitting to accreditation and enforcing documented, verified standards for professional certification, organizations … seek to protect the public and consumers against meaningless claims of professionalism.
In the NetworkWorld article, and subsequent Computerworld article, Kabay focuses on certification. He says that in line with the comments above, readers should always investigate the degree of accreditation backing of any given certification; unaccredited certifications may be worth the same as the degrees that are offered as “Degree Without Studying: Earn an Accredited Degree based on your Work or Life Experience.”
In general, IT specialists are doing pretty well despite the weak economy. Indeed, some reports indicate that employers are actually having trouble filling high-end, specialized positions.
In April 2008, Denise Dubie of NetworkWorldwrote, “A CompTIA skills survey released in February had security listed as the No. 1 skill among three-quarters of the 3,578 IT hiring managers polled. Foote Partners reports that security skills accounted for 17 percent of base pay in the fourth quarter of 2007, and pay for network security management skills increased by more than 27 percent in 2007.”
She added that going forward, IT professionals will need to be able to incorporate their security savvy into network, wireless, application, operating system, and other IT areas to best compete.
“Firewall, data leak, compliance — you name it and it’s in demand for security,” says CompTIA’s Neill Hopkins, vice president of skills development at the Computer Technology Industry Association. “In the networking field, you need to also be an expert at security, but going forward skills around how to train staff and employees to be security-aware will have to be developed.”
Want to compare security products? Visit the IT Product Guides now.
In the 2008 “Information Security Career Progression” survey by the Information Systems Audit and Control Association (ISACA), the researchers found that in their November 2007 survey of 1,426 CISMs from 73 countries, CISM [Certified Information Security Manager] comes in as the second-highest paid IT certification, at an average of $115,072 annually. This is especially interesting when compared to the fact that in the same survey, security, which was the highest paid discipline in 2006, fell to fourth place in 2007 — from an average salary of $93,500 to $87,890. At $115,072, CISM is clearly being recognized as an asset among business leaders…. CISMs are experiencing tremendous career growth while acquiring responsibility for issues that demonstrate value to the business.
Next week HSNW will publish a special report on homeland security education and certification. For more information, contact Cindy Whitman at 503.546.9977 , [email protected].