There were( and still are) essentially two main issues that organisations wanted to address as they looked at security.
FEATURE
There were( and still are) essentially two main issues that organisations wanted to address as they looked at security.
qualifications are a‘ hallmark’ of quality in many industries. But does this apply to cybersecurity?
Mike Ahmadi, VP, Transportation Security, DigiCert offers his views.
“ When I started in the security business the topic of security certifications was occasionally brought up, yet I paid little attention to the notion of getting a security certification because the marketplace was simply not demanding any at the time.
Mike Ahmadi, VP, Transportation Security, DigiCert
“ It was not until around 2008, when hacking began to turn into the equivalent of a spectator sport, that organisations began taking the need for security a bit more seriously, and consequently they began considering what was the best use of their financial resources in tackling security issues.
“ There were( and still are) essentially two main issues that organisations wanted to address as they looked at security.
“ One is how to address a known attack on their systems, and the other is how do you show the world that you are meeting some level of due diligence as you prepare for security challenges.
“ These needs led to a few issues that needed to be quickly resolved. The first was how does an organisation determine who to hire to help them with security issues.
“ Since most organisations are not at all familiar with what causes security problems to begin with, it was even more complicated to determine who was best able to come to that determination and solve it.
“ The other was how you answer questions like‘ what have you done to secure your environment, and why do you feel it is the right choice?’
“ This is where certifications come into play, and, by far the most wellknown today is arguably the CISSP( Certified Information Systems Security Professional) certification, which is called out as a basic requirement in just about every major security job today.
“ I finally caved in around 2010 and decided to go for this certification and I have to admit it was not an easy test to pass. I did gain quite a bit of knowledge while preparing for the test and though I am not convinced it made me a sharper security expert, what it did do is serve as evidence to those that chose to hire me or work with me that I knew something about security and likely much more than any non-security professional in the organisation.
“ Additionally, because CISSP is so globally recognised as one of the premier( if not the premier) security certification, organisations that hire those with CISSP security certifications can always point to those they hire for addressing security issues that have the certification as being evidence of due diligence.
“ Honestly what it boils down to is establishing credibility and risk management. Those with certifications are not necessarily more highly skilled, but those that hire professionals with certifications can at least rest assured that they have a good starting point.” u
50 Issue 03 | www. intelligentciso. com