Certification more political than practical

Some months ago, I proudly earned my Global Information Assurance Certification (GIAC) in network intrusion detection from the Bethesda, Md.-based SANS Institute Inc. I was impressed by the technical depth of the course and by the difficulty of the evaluation process.

I’m confident that any potential hires with this certification know one end of a TCP packet from the other. But whether they would ever get to use that knowledge in a commercial environment is a different question. The certification process goes much technically deeper than any security professional ever needs to in our environment.

That depth comes with a price, in terms of breadth. To cover network intrusion-detection systems in such detail means that host-based detection systems and other subjects are skimmed over. I recently completed my Certified Information Systems Security Personnel (CISSP) exam and found that it has gone to the opposite extreme, sacrificing much-needed depth for breadth. So are such certifications worth it? Perhaps, but not for the reasons you read about in the marketing literature.

The Claims vs. the Reality

The SANS Institute has data showing that people with a GIAC earn 12 per cent more than staffers without the qualification. This is a cute statistic, but one with questionable meaning: Better-funded companies are more likely to send their employees for GIAC certification and are more likely to pay them better. Professionals with the certification are generally more senior and experienced than noncertified staff. This doesn’t prove that the GIAC raises your income.

I’d like to see statistics on the salary levels of staffers who fail their GIAC test, but I know I won’t anytime soon. (If you’ve ever offered a higher salary to new hires based on their certifications, I’d love to hear about it in the Security Manager’s Journal forum.)

Despite the inflated salary claims, the SANS courses offer good training. We have sent staffers to courses and they have enjoyed themselves and improved their technical knowledge.

However, a review of job postings will show that the GIAC isn’t well known. I found 2,990 security job listings, of which seven mentioned GIAC and 11 mentioned SANS. A qualification requested for 0.6 per cent of jobs isn’t going to set the world on fire.

There is one certification that does a little better. The CISSP was mentioned in 75 job descriptions, or 2.5 per cent of the jobs. That’s better, but it’s still not great. A more interesting statistic is that more than 70 per cent of the jobs that required a GIAC also required the CISSP.

Friends told me of recruitment agents who refused to put their r

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now