At some point in time Clyde wrote:
>> No employer worth his salt will hire you based on a CISSP
certification or any other cert.
>> If he does, I would worry.
You bring up a good point but what other verifiable criteria would you
suggest? Work experience? References? Education? They can all be falsified
or biased making them pretty subjective measurements. Having a board of
professional experts (i.e., civil service board) to interview candidates is
probably the ideal method but not very practical for most companies;
especially when you're talking about highly specialized fields. At least
professional certifications (if they are well done) provide an objective
measurement of competency.
Last year the Electronic Messaging Association sent out a survey to their
members asking what services they would like the association to provide.
They were looking for a list of topics to incorporate into their training
seminars and conferences. Much to their surprise, the number one response
was certification! Companies are looking for some assurances that the
people they are hiring are qualified and capable of doing the job. And they
are looking to the professional associations to provide the measurement.
Agreed, certifications do not guarantee capability any more than a BA in
Education guarantees someone can teach. Certification exams simply measure
minimum competency in a particular field. The validity of the certification
rests entirely in the way it is constructed. The National Organization for
Competency Assurance (NOCA) (www.noca.org) is the principle organization in
the United States that defines how competency testing is to be conducted.
Their guidelines provide an excellent way of measuring the validity of a
certification exam and I would encourage those interested in certification
to review NOCA's web site.
One of the first measures of a good professional certification is
independence. The organization doing the certification and examination
cannot be affiliated with a vendor or instructional institute. If the
provider of the certification has a vested interest in it then it is likely
that the certification will not be objective. Certifications provided by
vendors (i.e., MCSE, CNE) or instructional institutes (i.e., Learning Tree
Int'l) shouldn't be considered valid professional certifications.
The second measure is a well defined Common Body of Knowledge (CBK). The CBK
contains a list of knowledge elements considered to be essential to the
practice of the profession. CBKs can be derived by straight academics (a
group of professionals in that field define them) or by conducting a Job
Delineation Study.
The CBK is used to develop training criteria and to create questions for the
certification exam. Addtionally, the CBK must be subject to periodic
revision and update to keep it current with professional practices.
Other measures would include: practical experience, on-going educational
requirements and periodic recertification.
When evaluating certifications these are the questions to ask:
Is the certification independent (or is the vendor certifying themselves)?
Is there a Common Body of Knowledge defined for this certification?
Is there a practical experience requirement?
Is there a on-going education and recertification requirement?
I know the answer is yes to all these questions for the CISSP and CISA
certifications. That's why I give them credence when evaluating candiates
for employment.
Bill Stackpole, CISSP
Olympic Resource Management
"My opinions are my own and do not always reflect those of my employer."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
