Certification Outside Technology

  By Robert Winding —

SANS offers several audit certifications, including the GIAC Security Audit Essentials (GSAE) and GIAC Systems and Network Auditor (GSNA).

SANS certifications have two levels: silver and gold. The former is exam only. Additionally, SANS offers courses that cover all the material for a given certification, but you can take the exam without taking the class if you think you possess the requisite skills.

The GSAE and GSNA require two 75-question exams. Upon passing the exam and obtaining the silver certification, you can apply for the gold certification, which requires a white paper that demonstrates a thorough knowledge of the material that extends beyond the course. For example, for an audit certification, you might write a white paper that details the process of performing an audit on a system or device.

Further, SANS certifications expire and require retesting to maintain certification. The CSAE and GSNA expire in four years, but if you have the gold certification, another white paper is not required.

ISACA offers the Certified Information Systems Auditor (CISA) certification. CISA tests the knowledge and skills required to perform IT system audits. As with SANS, ISACA provides exam-review classes. But like PMP, CISA requires demonstrated work experience. CISA holders do not need to retest, but they must participate in ongoing professional development to maintain the certification. The following are some
highlights of the requirements:

• Pass the 200-question CISA exam.
• Have a minimum of five years IS audit, control or security experience. Substitution is allowed for related experience, formal education and teaching (up to four years).
• Agree to a code of conduct.
• Complete at least 20 continuing professional education credits annually, 120 in a three-year period.
• Pay a certification maintenance fee.

The Association of Professionals in Business Management (APBM) Certifications
Often, it’s difficult for IT pros to effectively communicate and build consensus with the businesspeople at their company. This makes the ideal matching of technology to business objectives more difficult. But accomplishing this is important because it’s the businesspeople who hold the financial keys — they can help or hinder your projects or career.

Part of the problem is the lack of a common base of knowledge and vocabulary. IT pros might find themselves as bewildered in a financial review as a business operations manager is in a technical troubleshooting session. A business management certification might be the way to bridge this gap and open up some new opportunities.

The Association of Professionals in Business Management (APBM) offers two certifications designed to demonstrate your business knowledge: the Certified Business Manager (CBM) and Certified Associate Business Manager (CABM).

CBM eligibility requires a bachelor’s degree and four years’ work experience or a master’s degree with three years’ work experience. The CABM doesn’t have any minimum education and work experience requirements. It’s designed for people who do not have formal business training such as a bachelor’s degree in business or a master’s degree in business administration.

CBM and CABM test a common body of knowledge for business that is organized into 10 areas:

• General management and organization.
• Operations management.
• Marketing management.
• Quality and process management.
• Human resource management.
• Accounting.
• Finance.
• Information technology.
• Corporate control and governance.
• International business.

APBM offers training materials, preparation guides and a study plan to help you build the knowledge necessary to obtain the CBM or CABM. The APBM requires CBM content to be at the master’s level and the bachelor’s level for CABM.

Within 16 hours, CBM candidates must pass a four-part exam that consists of 400 questions and a written case analysis. The exam is pass/fail. The CABM exam consists of 200 multiple-choice questions. Four hours are allotted to complete the exam, and you must score at least 75 percent to pass.

The CBM and CABM are independent certifications — one does not lead to the other, and CBM eligibility requirements are not waived for CABM holders.

Outside the professional realm, many colleges and universities offer some form of certificate in business management. These are not certifications, and they typically do not have exams but only require attendance.

The prerequisites will vary, but many continuing education programs will not require formal prerequisites. From that perspective, you only get out of it what you put into it, and it is harder to provide an employer with an objective measure of your knowledge.

These programs, however, usually cover topic areas similar to those in the CBM and CABM. Depending on your experience and circumstances, these programs might be used as a step toward certification or as an alternative.

It’s easy for IT pros to focus on just refining their technical skills. Certifications are a great way to do this and demonstrate to employers both your commitment and your ability.

Nontechnical certifications can play a similar role in helping your career. They will provide you with the knowledge to be more successful in your projects and responsibilities, help you better understand how technology fits into your organization’s business objectives and prepare you for new opportunities.

So, the next time you’re thinking about professional development, take a look at nontechnical certifications. One of them may be just what you need.

Robert Winding is an information security professional at the University of Notre Dame, where he designs, implements and supports information security solutions. He can be reached at editor@certmag.com.