Certifications


What is meant by certification? For our purposes, certification means that based on your experience, education, and successful passing of a test, generally given by some InfoSec or related association, you have basic knowledge and ability that meet the criteria for certifying you as a professional or expert in a particular field.

Using the word expert may not be the right thing to do, because in the InfoSec business, technology and systems vulnerabilities change rapidly, making it impossible for anyone to be an expert. So, let's say that by being certified, you are considered to have expertise in the particular field.

There are several certifications that are directly related to the position of an ISSO. A professional ISSO should have the basic knowledge in some, if not all, of these ISSO-related certifications. There are several associations that certify professionals in InfoSec-related professions. Some certifications are widely acknowledged throughout industry, while others are not—their sponsors may have developed them as a get-rich-quick scheme. These may look good on paper but are really meaningless. No certification is worth anything without being accepted by the ISSO profession, then by related professions, and most importantly, by executive management—for example, the Certified Public Accountant (CPA) is widely recognized throughout industry.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
Year: 2002
Pages: 204
