Cyber and information security literature – including accompanying reader’s comments – continuously debate the merits of professional certification for cyber and information security professionals.
Some consider certifications an acknowledgment by an independent organization of their expertise in the security discipline. Others consider it a money grab by these same organizations and believe that certifications prove nothing.
Since I hold a number of certifications, I’ll understand if you feel that I have a personal stake in advocating for these certifications. But I believe the issue is greater than that. Given the prominence, risk and public concerns with security, maybe the question that is better asked is whether it’s time for security practitioners to be recognized and regulated as a profession rather than an occupation or industry and if so, what obligations would such a profession face.