Dear CertMag is a regular feature that addresses common questions about certification and related IT issues. Have a question? Send an e-mail to editor (at) certmag (dot) com.
Dear CertMag: I work in security for the IT division of a large national bank. I have an SSCP and CISSP from (ISC)². I’ve been through recertification on both a couple of times, but I’ve begun to question whether it’s worth the effort and expense. I work hard to stay current with changes in the industry, but I don’t feel like I’m better served in that regard by recertification than by my own efforts. I am comfortable in my current position and don’t anticipate changing jobs, but if I did, I don’t think a lapsed cert would stand my way of getting another job. Is it time to get out of the hamster wheel?
— Mary, Detroit, Mich.
In many industries, the burden of recertification can be challenging, as candidates are asked to track professional credits, continue to study emerging information in the field, and pay for new certification attempts or processes. Generally, the decision to recertify can be simplified down to two key factors: industry/specialization and motivation.
Industry — Different types of businesses are affected to a greater or lesser extent by a regulatory environment that views credentials as valuable and by a market that expects certain kinds of skills and certifications to assist in building trust in the institution. Financial services in general is a marketplace that is well acquainted with auditing functions that depend on ensuring the right people have the right skills doing the right things.
Specialization — The security function within the bank is one of those areas that is likely to be especially sensitive to key employees holding credentials relevant to the job. In the case of an adverse event or an investigation, the fact that an individual holds a credential provides a key trustmark from a third party that may be accepted by outside counsel, an auditor, or others that are involved in the situation. Unlike some general purpose functions — such as system administration — where the credential is likely more involved in skills extension or hiring, maintaining a security credential can be an important part of the recognized capability of the role or function.
An informal conversation with a manager in the function or who is responsible for the function could be a good path to determining whether your credential is seen as a key part of your role.
Motivation — Another factor for maintaining certification is personal motivation, which it sounds like may be the challenge at the moment. A good thing to do here could be going back to why you obtained the credential in the first place: it took time and effort and money to obtain.
The CISSP is considered a “cornerstone” credential in the marketplace, with probably one of the most widely recognized and accepted reputations in the industry. In your original work to obtain it, was the motivation to obtain the job in the first place? To add to your skills? Obtain a promotion or guard against weakness in the job market?
That motivation can be viewed in light of where you would like to go for the next couple years. If you allow the credential to lapse, will you still be able to be successful in your present role? Can you accomplish your job roles without the credential? Sometimes changes in seniority or promotions can make the credential no longer applicable.
As an example, a promotion into management could mean that the ISACA Certified Information Security Manager (CISM) or GIAC Security Leadership Certification (GSLC) is more applicable to your new role.
The term “hamster wheel” typically indicates someone has gone pretty well down the road to discontent. It could be that the credential may not be the problem — have you considered whether your role is still a good fit for you and for your family? Do you still find the work exciting?
If the answer to both of those is yes, then my strongest advice would be to find a new challenge that will help re-energize the way that your certifications apply to your job. It could be adding to the certification set, or perhaps mentoring others as a way to continue to sharpen your skills — making it easier to meet recertification requirements along the way!