GRC Controls for the NVD Issue
Common Vulnerabilities and Exposures (CVE) are a crucial source of information on cyber vulnerabilities for organizations and malicious actors alike.
In today’s competitive job market, the value of professional certifications have become increasingly important. They are meant to serve as a testament to an individual’s skills, knowledge, and commitment to their profession. But can they be trusted? Let’s explore the various benefits of obtaining professional certifications and why they are valuable for career growth.
Professional certifications are credentials awarded by industry-recognized organizations that validate an individual’s expertise in a specific field. These certifications often require passing exams, completing coursework, and meeting certain experience requirements.
Enhanced Credibility and Recognition: Certifications provide a formal acknowledgment of your skills and knowledge. They enhance your credibility and make you stand out in your field. Employers and clients are more likely to trust and value your expertise.
Career Advancement: Holding a certification can open doors to new job opportunities and promotions. Many employers prefer or require certified professionals for certain roles, making certifications a key factor in career advancement.
Increased Earning Potential: Certified professionals often command higher salaries compared to their non-certified counterparts. The investment in obtaining a certification can lead to significant financial returns over time.
Up-to-Date Knowledge: Certification programs are designed to keep professionals current with the latest industry trends, technologies, and best practices. This ensures that certified individuals are well-equipped to handle the evolving demands of their profession.
Networking Opportunities: Joining a community of certified professionals provides valuable networking opportunities. You can connect with peers, mentors, and industry leaders, which can lead to collaborations, job referrals, and professional growth.
Personal Satisfaction and Confidence: Achieving a certification is a significant accomplishment that brings a sense of personal satisfaction and confidence. It validates your hard work and dedication, boosting your self-esteem and motivation.
Snapshot in Time: Some certifications only measure knowledge at the time of certification exam creation. After that, it’s up to the individual to “attest” to maintaining current knowledge in a rapidly changing cybersecurity word.
Organizational Overreliance on Certifications: How many times have you seen job postings stating candidates must have: CISSP, CISA, CISM, GIAC, CRISC, CCSP, etc., and 2+ years of cybersecurity experience? This is a sign that the organization has centralized recruitment activities to an area having minimal guidance and understanding of the needs of cybersecurity. To facilitate building a job description, a recruiter googles “cybersecurity skills” and is given a long list of certifications. Many of these certifications require 5+ years of hands-on experience in addition to passing an exam proving that not only do you know the material but also know how to apply what you learned. Many are sequential in nature – building on the skills tested in earlier certifications. In the interests of attracting the best candidates, the recruiter lists all terms Google returned – not understanding the subtle distinctions of cybersecurity activities.
Individual Overreliance on Certifications: How many times have you seen job postings that perfectly match your experience, but you never pass the initial screening stage because you don’t have these magical pieces of paper? The automated resume scanning software has discarded you application because you didn’t include the correct collection of certification terms. This leads to individuals accumulating certifications for the sake of making themselves more marketable but do not actually have current and lasting experience in the field.
Assess Your Career Goals: Identify your career aspirations and choose a certification that aligns with your goals. Consider:
Research Certification Requirements: Understand the prerequisites, exam format, and study materials required for the certification. Ensure you meet the eligibility criteria before committing.
Evaluate Industry Demand: Research the demand for the certification in your industry. Certifications that are highly regarded and sought after by employers will provide the most value.
Consider Time and Cost: Evaluate the time and financial investment required to obtain the certification. Choose a certification that fits your schedule and budget.
This brings me to the concepts of:
The value of professional certifications can provide a useful indicator of one’s commitment to the profession and a basic level of knowledge. It shows that the certified individual can “speak the language” of certification area and perhaps some broader knowledge.
Certifications often required a minimum of number of years of experience to be certified. Now, did the certified individual gain experience by doing the work, day in and day out, or were they merely in the “reporting chain”. Only a detailed interview can disclose the level and depth of their experience.
And this brings me to competency. An individual may have the desired certifications and experience “on paper” but do they exhibit competency and maturity in the field? Can they apply their knowledge quickly and calmly to a new or unexpected situation? Personally, I know several people who have experience and competency and yet have never bothered to become certified.
Certifications are often used as a lazy approach to screening candidates for hiring or promotion. This comes at the risk of losing competent people. There needs to be a balance
Personal certifications are a valuable asset for career growth and development and for organizations to recognize talent. They enhance your credibility, open doors to new opportunities, and keep you updated with industry trends. But, and take this from a person that has many certifications (CISSP, CISA, CCSP, CGEIT, CISM, CRSIC, CIA, CRMA, ISO 27001/05, PCI/QSA, PMP Prince2) certifications form a small part of being cybersecurity professional.
Have you pursued any professional certifications? How have they impacted your career? Share your experiences in the comments below!
Common Vulnerabilities and Exposures (CVE) are a crucial source of information on cyber vulnerabilities for organizations and malicious actors alike.
FUD!! In today’s constantly and rapidly changing business world, the terms “Fear”, “Uncertainty”, and “Doubt” (FUD) are often used to