Intelligent CISO Issue 03 | Page 50


qualifications are a ‘hallmark’ of quality in many industries. But does this apply to cybersecurity?
Mike Ahmadi, VP, Transportation Security, DigiCert, offers his views.
“When I started in the security business the topic of security certifications was occasionally brought up, yet I paid little attention to the notion of getting a security certification because the marketplace was simply not demanding any at the time.
“It was not until around 2008, when hacking began to turn into the equivalent of a spectator sport, that organisations began taking the need for security a bit more seriously, and consequently they began considering what was the best use of their financial resources in tackling security issues.
“There were (and still are) essentially two main issues that organisations wanted to address as they looked at security.
“One is how to address a known attack on their systems, and the other is how do you show the world that you are meeting some level of due diligence as you prepare for security challenges.
“These needs led to a few issues that needed to be quickly resolved. The first was how does an organisation determine who to hire to help them with security issues.
“Since most organisations are not at all familiar with what causes security problems to begin with, it was even more complicated to determine who was best able to come to that determination and solve it.
“The other was how you answer questions like ‘what have you done to secure your environment, and why do you feel it is the right choice?’
“This is where certifications come into play, and, by far the most well-known today is arguably the CISSP (Certified Information Systems Security Professional) certification, which is called out as a basic requirement in just about every major security job today.
“I finally caved in around 2010 and decided to go for this certification and I have to admit it was not an easy test to pass. I did gain quite a bit of knowledge while preparing for the test and though I am not convinced it made me a sharper security expert, what it did do is serve as evidence to those that chose to hire me or work with me that I knew something about security and likely much more than any non-security professional in the organisation.
“Additionally, because CISSP is so globally recognised as one of the premier (if not the premier) security certifications, organisations that hire those with CISSP security certifications can always point to those they hire for addressing security issues that have the certification as being evidence of due diligence.
“Honestly what it boils down to is establishing credibility and risk management. Those with certifications are not necessarily more highly skilled, but those that hire professionals with certifications can at least rest assured that they have a good starting point.”