Home > Ask the Information Security Experts > Questions & Answers > Industry experience vs. security certification credentials
Ask The Security UK Expert: Questions & Answers
EMAIL THIS

Industry experience vs. security certification credentials

Mike Rothman EXPERT RESPONSE FROM: Mike Rothman

Pose a Question
Other Security UK Categories
Meet all Security UK Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 08 September 2007
I'm currently working in the IT risk management field. What would be the added value of gaining the CISSP? Are there other certifications that would better assist me in identifying and mitigating specific business risks?

>
EXPERT RESPONSE
In my opinion, the CISSP is more about a resume then proving one's competence as a security professional. It will show that someone can pass the test, but it doesn't say much about that person's ability to do the job.

I think you are in a great position because you are dealing with risk, and that is by definition a business activity. So focus on learning about the business, interacting with business people and understanding how to relate security to your organization's business imperatives.

I'd rather see you further specialize in your field and gain a greater understanding of how your business operates and some of the critical success factors for your company, as opposed to getting a credential that simply indicates you can attend a boot camp and take a test.

There is no way to fake real industry knowledge in an interview. If I were you, I'd be spending my time focused on gaining that industry knowledge, as opposed to a generic security certification. That is, unless you are passionate about the technology. In that case, being in the risk management group may not be the best fit.

For more information:

  • Khalid Kark explains how to build an information risk management framework.
  • In this tip, security practitioners give advice to those embarking on an information security career.


    • Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    Security Certification Training
    (ISC)2 targets software developers with secure accreditation
    Distrust of employees drives email monitoring
    IISP gets former Barclays executive for growth
    Security professional organisations should be rationalised
    Deloitte survey finds overconfidence, lack of planning on security
    CISSP good intro to regulatory compliance
    CISSP cert can boost your security career, but not your salary
    Salary Survey: 2008
    People can't be trusted
    What Web security initiatives can be taken on a college campus?

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    IISP (Institute of Information Security Professionals)  (SearchSecurityUK.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts