Certification Outside Technology
BackBy Robert Winding — November 2007
You’re an accomplished technologist. You have several highly sought-after technical certifications. Perhaps you’re a Microsoft Certified Systems Engineer (MCSE), a Cisco Certified Network Associate (CCNA) or an Oracle Certified Professional (OCP).
You have a few years of experience and have taken on progressively more challenging assignments.
Now, you’re considering what options you have as you pursue training for the next step in your career. Technical certifications are certainly critical, and they’ve likely been a big part of your success. But why not consider broadening your skills with a nontechnical certification? You might want to consider this for several reasons:
- Moving into management.
- Obtaining a leadership position.
- Becoming better aligned with the business.
- Broadening your potential customer base.
- Differentiating yourself to employers.
Technology might be your core skill, but many companies and consulting firms seek individuals who also have broader experience in applying those skills to some difficult business problems. No IT endeavor can be successful without skilled — often certified — IT pros.
It is important to have knowledge and skill in the broader business context of implementing technology. After all, technology is a tool of business, not an end unto itself.
Obtaining a nontechnical certification and applying it to your work can deepen your understanding of the link between the objectives of business and technology, which can lead to greater exposure to the businesspeople in your organization and prepare you for leadership or management positions.
There are a variety of nontechnical certifications. Similar to their technical peers, these certifications usually require a course of study, exams and sometimes documented work experience. Often, professional organizations offer them.
Although many technical certifications are linked to vendor technology, nontechnical certifications are vendor-independent. They are sometimes linked to an industry, however. This is particularly true of certifications that address regulatory requirements.
Project Management Institute Certifications
Project management is key to the effective implementation of any project — it’s more than financial accounting, resource management and scheduling. Effective project management helps teams ensure the project produces a deliverable response to the requirements. It also helps identify and mitigate the issues and risks that a complex project inevitably encounters.
When done well, project management helps build team unity and maintains a high level of focus and productivity. It’s a tool that serves the project team. The overall effect helps ensure budget and schedule, and it produces a quality product that meets the needs of the customer or business.
As you progress in your career, you no doubt will be asked to take on project management responsibilities. This might involve designating a team or project leader, lead developer or project manager. Being prepared with the right knowledge and skills will be critical to your success in this role.
Or maybe you have had many project management successes and are looking for the opportunity to lead larger or more high-profile projects. The Project Management Institute (PMI) has certifications that can help you get the right skills. It offers three credentials: Program Management Professional (PgMP), Project Management Professional (PMP) and Certified Associate in Project Management (CAPM).
CAPM is the entry-level credential. It requires a high school diploma and either 1,500 hours of project management experience working on a team or 23 hours of formal project management training to sit for the exams. The training can be PMI classes, college courses, distance-learning programs or internal company programs — self-study is not accepted. The exam includes 150 questions with reference material in “A Guide to the Project Management Body of Knowledge” (PMBOK Guide).
Individuals who are already headed down the project management path might consider PgMP or PMP certifications. The main difference between these certifications is that the PgMP addresses the issues regarding program management (which involves a collection of related projects that must be completed to achieve a business objective).
These projects likely will be related in time and have dependencies, and they might involve overlapping resources. An example is a financial system conversion that takes place because of a company acquisition.
There might be several related projects, including data cleaning and conversion, application development, user training and capacity planning. The successful execution of the conversion will require the coordinated delivery of these projects.
In contrast, PMP’s focus is on the management of individual projects. These credentials have different prerequisite eligibility requirements, depending on whether you hold a bachelor’s degree.
- A PMP candidate with a bachelor’s degree will need three years (4,500 hours) of project management experience and 35 hours of formal project management training. Without a degree, a candidate will need an additional two years (3,000 hours) of project management experience. The eligible candidate will then sit for the exam, which is made up of 200 questions that cover project initiation, planning, execution, monitoring and controlling, closing, and professional and social responsibility.
- A PgMP candidate with a bachelor’s degree will need four years (6,000 hours) of project management experience and four years (6,000 hours) of program management experience. If your bachelor’s degree is from a university accredited by PMI, you get 1,500 hours of credit toward the experience requirement. Without a degree, a candidate will need an additional three years (4,500 hours) of program management experience. Assuming you’ve met the eligibility requirements, you’ll need to pass the exam, which consists of 170 multiple-choice questions. The exam covers six areas: defining, initiating, planning, executing, controlling and closing the program.
Additionally, PMP is not a prerequisite for PgMP. SANS/GIAC and ISACA Audit Certifications IT audit and compliance have become a greater concern for businesses of all sizes. This is due to the ever-increasing laws and regulations that govern the confidentiality, integrity and availability of data entrusted to, or managed by, companies. These include Sarbanes-Oxley, the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act.
One way IT professionals can broaden their skills and differentiate themselves is to obtain an IT audit certification. Often, internal audit and compliance groups focus on financial audits and might not have the technical expertise to properly assess compliance of systems and their configurations. Because audit departments often work with a company’s core business units and executive management, having some common ground with audits is a good way to get greater exposure to the businesspeople in your organization.
Another benefit is that, although most IT pros are aware of these issues, they don’t understand them in the context of audit and compliance requirements. This can lead to building noncompliant systems, hence, receiving negative audit findings that could have been avoided.
Having knowledge of audit requirements and the audit process will help set a context for some of the IT work you perform, whether it’s system design, administration or application development. Additionally, it will bring you closer to the business and help you avoid making mistakes that could result in audit findings on systems for which you’re responsible.
SANS offers several audit certifications, including the GIAC Security Audit Essentials (GSAE) and GIAC Systems and Network Auditor (GSNA).
SANS certifications have two levels: silver and gold. The former is exam only. Additionally, SANS offers courses that cover all the material for a given certification, but you can take the exam without taking the class if you think you possess the requisite skills.
The GSAE and GSNA require two 75-question exams. Upon passing the exam and obtaining the silver certification, you can apply for the gold certification, which requires a white paper that demonstrates a thorough knowledge of the material that extends beyond the course. For example, for an audit certification, you might write a white paper that details the process of performing an audit on a system or device.
Further, SANS certifications expire and require retesting to maintain certification. The CSAE and GSNA expire in four years, but if you have the gold certification, another white paper is not required.
ISACA offers the Certified Information Systems Auditor (CISA) certification. CISA tests the knowledge and skills required to perform IT system audits. As with SANS, ISACA provides exam-review classes. But like PMP, CISA requires demonstrated work experience. CISA holders do not need to retest, but they must participate in ongoing professional development to maintain the certification. The following are some
highlights of the requirements:
- Pass the 200-question CISA exam.
- Have a minimum of five years IS audit, control or security experience. Substitution is allowed for related experience, formal education and teaching (up to four years).
- Agree to a code of conduct.
- Complete at least 20 continuing professional education credits annually, 120 in a three-year period.
- Pay a certification maintenance fee.
The Association of Professionals in Business Management (APBM) Certifications
Often, it’s difficult for IT pros to effectively communicate and build consensus with the businesspeople at their company. This makes the ideal matching of technology to business objectives more difficult. But accomplishing this is important because it’s the businesspeople who hold the financial keys — they can help or hinder your projects or career.
Part of the problem is the lack of a common base of knowledge and vocabulary. IT pros might find themselves as bewildered in a financial review as a business operations manager is in a technical troubleshooting session. A business management certification might be the way to bridge this gap and open up some new opportunities.
The Association of Professionals in Business Management (APBM) offers two certifications designed to demonstrate your business knowledge: the Certified Business Manager (CBM) and Certified Associate Business Manager (CABM).
CBM eligibility requires a bachelor’s degree and four years’ work experience or a master’s degree with three years’ work experience. The CABM doesn’t have any minimum education and work experience requirements. It’s designed for people who do not have formal business training such as a bachelor’s degree in business or a master’s degree in business administration.
CBM and CABM test a common body of knowledge for business that is organized into 10 areas:
- General management and organization.
- Operations management.
- Marketing management.
- Quality and process management.
- Human resource management.
- Information technology.
- Corporate control and governance.
- International business.
APBM offers training materials, preparation guides and a study plan to help you build the knowledge necessary to obtain the CBM or CABM. The APBM requires CBM content to be at the master’s level and the bachelor’s level for CABM.
Within 16 hours, CBM candidates must pass a four-part exam that consists of 400 questions and a written case analysis. The exam is pass/fail. The CABM exam consists of 200 multiple-choice questions. Four hours are allotted to complete the exam, and you must score at least 75 percent to pass.
The CBM and CABM are independent certifications — one does not lead to the other, and CBM eligibility requirements are not waived for CABM holders.
Outside the professional realm, many colleges and universities offer some form of certificate in business management. These are not certifications, and they typically do not have exams but only require attendance.
The prerequisites will vary, but many continuing education programs will not require formal prerequisites. From that perspective, you only get out of it what you put into it, and it is harder to provide an employer with an objective measure of your knowledge.
These programs, however, usually cover topic areas similar to those in the CBM and CABM. Depending on your experience and circumstances, these programs might be used as a step toward certification or as an alternative.
It’s easy for IT pros to focus on just refining their technical skills. Certifications are a great way to do this and demonstrate to employers both your commitment and your ability.
Nontechnical certifications can play a similar role in helping your career. They will provide you with the knowledge to be more successful in your projects and responsibilities, help you better understand how technology fits into your organization’s business objectives and prepare you for new opportunities.
So, the next time you’re thinking about professional development, take a look at nontechnical certifications. One of them may be just what you need.
Robert Winding is an information security professional at the University of Notre Dame, where he designs, implements and supports information security solutions. He can be reached at email@example.com.