Certification more political than practical

Some months ago, I proudly earned my Global Information Assurance Certification (GIAC) in network intrusion detection from the Bethesda, Md.-based SANS Institute Inc. I was impressed by the technical depth of the course and by the difficulty of the evaluation process.

I’m confident that any potential hires with this certification will know one end of a TCP packet from the other. But whether they would ever get to use that knowledge in a commercial environment is a different question. The certification process goes much technically deeper than any security professional ever needs to in our environment.

That depth comes with a price, in terms of breadth. To cover network intrusion-detection systems in such detail means that host-based detection systems and other subjects are skimmed over. I recently completed my Certified Information Systems Security Personnel (CISSP) exam and found that it has gone to the opposite extreme, sacrificing much-needed depth for breadth. So are such certifications worth it? Perhaps, but not for the reasons you read about in the marketing literature.

Claims vs. Reality

The SANS Institute has data showing that people with a GIAC earn 12 per cent more than staffers without the qualification. This is a cute statistic, but one with questionable meaning: Better-funded companies are more likely to send their employees for GIAC certification and are more likely to pay them better. Professionals with the certification are generally more senior and experienced than non-certified staff. This doesn’t prove that the GIAC raises your income.

I’d like to see statistics on the salary levels of staffers who fail their GIAC test, but I know I won’t anytime soon.

Despite the inflated salary claims, the SANS courses offer good training. We have sent staffers to courses and they have enjoyed themselves and improved their technical knowledge.

However, a review of job postings will show that the GIAC isn’t well known. I found 2,990 security job listings, of which seven mentioned GIAC and 11 mentioned SANS. A qualification requested for 0.6 per cent of jobs isn’t going to set the world on fire.

There is one certification that does a little better. The CISSP was mentioned in 75 job descriptions, or 2.5 per cent of the jobs. That’s better, but it’s still not great. A more interesting statistic is that more than 70 per cent of the jobs that required a GIAC also required the CISSP.

Friends told me of recruitment agents who refused to put their r

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now