The long view of security strategies for your network.
The economic doldrums that struck the United States and the rest of the world in 2008 and 2009 are not over yet, although the New Year brings hope of recovery.
Recently a young reader just completing his Certified Ethical Hacker (CEH) certification asked me whether information assurance (IA) certifications matter in getting a job, and if so, which certifications are best.
In "Professional Certification and Training in Information Assurance" (Chapter 74, by Christopher Christian, M. E. Kabay, Kevin Henry and Sondra Schneider) from the Fifth Edition of the Computer Security Handbook (Wiley, 2009), we write,
Sometimes students, professionals and marketers use the terms "certificate" and "certification" interchangeably. In addition, academics and professionals sometimes differ in their interpretation of "accreditation."
• A certificate is a "document providing official evidence: an official document that gives proof and details of something such as personal status, educational achievements, ownership, or authenticity."
• Certification, in this context, is the process (thus, a verb) of examining the work experience, knowledge and trustworthiness of a candidate for a particular certificate; confusingly, the certificate granted for qualified applicants is often referred to as a particular certification (and thus, a noun).
• "Accreditation" refers to the process of "officially recogniz[ing]" a person or organization as having met a standard or criterion. In information assurance, accreditation is carried out by official, industry- and government-recognized bodies.
In a later section of the chapter, we write,
Certification differs from a certificate program, which is usually an educational offering that confers a document at the program's conclusion.
Accreditation of a certification involves a voluntary, self-regulatory process established by defined organizations and using published standards. Accreditation is granted when stated quality criteria are met.
By submitting to accreditation and enforcing documented, verified standards for professional certification, organizations … seek to protect the public and consumers against meaningless claims of professionalism.
This article and the next two focus on certification. In line with the comments above, readers should always investigate the degree of accreditation backing any given certification; unaccredited certifications may be worth the same as the degrees that are offered as "Degree Without Studying: Earn an Accredited Degree based on your Work or Life Experience."
In general, IT specialists are doing pretty well despite the rotten economy. Indeed, some reports indicate that employers are actually having trouble filling high-end, specialized positions.
In April 2008, Denise Dubie of NetworkWorld wrote, "A CompTIA skills survey released in February had security listed as the No. 1 skill among three-quarters of the 3,578 IT hiring managers polled. Foote Partners reports that security skills accounted for 17% of base pay in the fourth quarter of 2007, and pay for network security management skills increased by more than 27% in 2007." She added that, going forward, IT professionals will need to be able to incorporate their security savvy into network, wireless, application, operating system and other IT areas to best compete.
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.