Professional certifications are processes one may undertake to confirm that he or she has the skills and knowledge required for a particular job, task, or role. These are generally provided by appropriate authorities, major industry organizations, or government bodies; in the field of information security, these are firms such as Cisco, ultimately verified by the U.S. Department of Defense (DoD Cyber Exchange, n. d.). Certifications provide a baseline standard for the core competencies involved in a particular area or field.
To a business, the benefits of professional certification stem from the standardization it enforces. In addition to ensuring that a prospective specialist is familiar with the required technologies and techniques, certification also creates a framework for problem-solving approaches, facilitating cooperation and reducing the time required to agree on a solution. Furthermore, certification requirements also shape a shared terminology, allowing employees with different backgrounds to communicate more easily. Thus, professional certification reduces the time an organization has to spend seeking and training new specialists.
For the specialist, having professional certification makes it possible to quickly identify suitable employment opportunities or, if a particular certification is missing, the requisite steps towards acquiring it. To learners, certification creates a set of learning objectives, guiding curricula and helping choose required courses and other materials (Knapp et al., 2017). Moreover, certifications guide learning outside of the classroom, which generally leads towards more practical, real-world experience that educational institutions can fail to provide (James & Callen, 2018). The organizational benefits described above also apply to individual employees: familiarity with the relevant terminology, technologies, and techniques allows one to integrate into the workforce faster.
Based on these benefits, requiring professional certification from prospective employees allows organizations to mitigate risks. The most obvious of these risks is that of hiring an underqualified specialist, who may lack experience, knowledge, or both. As mentioned previously, a certification ensures that the applicant has a baseline level of understanding of the area and of the methods applied therein. The familiarity with general threats and threat mitigation strategies that entry-level certifications provide can be valuable to more than cybersecurity specialists. As many cyber attacks against organizations can begin with malware, phishing, or social engineering as their method of infiltration, knowledge of these threats and appropriate response methods can be valuable for any employee. For decision-makers, knowledge of the principles of cybersecurity, common threats, and mitigation and incident response strategies can also be critical (Garcia-Granados & Bahsi, 2020). The knowledge proven by a certification can guide them in their policy-making, mitigating the risk of creating inappropriate or inefficient policies (Garcia-Granados & Bahsi, 2020). Thus, requiring appropriate professional certification is beneficial throughout the organization’s workforce, including employees who are not directly involved in cybersecurity.
The same standardization is itself a mitigating factor in any collaborative effort. When developing an information system and its security components, ensuring that every employee understands his or her responsibilities is critical. For that, the terminology and frameworks that certification provides can be invaluable in creating a common ground for development and communication, including communication across employee levels. This becomes particularly important during incident response scenarios, where any delay can mean the difference between thwarting an attack and suffering a critical data breach. As such, having a shared understanding of common techniques, as well as the skills to communicate quickly and efficiently, plays a significant role. Thus, cybersecurity certification helps mitigate any of the risks that can be attributed to miscommunication.
References
DoD Cyber Exchange (n. d.). DoD approved 8570 baseline certifications. Web.
Garcia-Granados, F., & Bahsi, H. (2020). Cybersecurity knowledge requirements for strategic level decision makers. International Conference on Cyber Warfare and Security. Academic Conferences International Limited. Web.
James, J. E., & Callen, J. (2018). Cybersecurity certifications matter. Issues in Information Systems, 19(3), 193-201.
Knapp, K. J., Maurer, C., & Plachkinova, M. (2017). Maintaining a cybersecurity curriculum: Professional certifications as valuable guidance. Journal of Information Systems Education, 28(2), 101-114.