Is there a best certification?

What’s the best tool for solving a problem in your house?

There is no best tool for an undefined job. Nobody can rationally decide whether a hammer or a power drill is the “best tool” without specifying what job the tool is supposed to do. So it is with certifications.

In a conversation with a former graduate student recently, we were discussing precisely this question. The student, a U.S. Army veteran with a wide background in IT, was pleased with his MSIA degree but now wondering whether to hurry up and complete a Certified Information Systems Security Professional (CISSP) exam right away, wait until the graduation ceremony and exam in June, or take another certification such as the Certified Information Systems Auditor (CISA) or Certified Information Systems Manager (CISM). He was also considering Security+ certification.

Naturally, I responded to his questions with a preliminary, “Well, it depends” – the answer that gets academics in hot water with people (not my student) who insist on cut-and-dried, yes-no answers. I pointed out that there are lots of valuable certifications and lots of interesting career directions in security; the goal as we consider options is to find the intersection subset of useful certifications for interesting specializations in the field.

In my student’s case, he expressed interest in moving away from strictly technical, relatively low-level network-administration jobs into higher-level, security-management jobs. That information made it easy to point to the CISSP and the CISM as excellent career-enhancing certifications for him. He agreed with my comment that security auditing is a useful contribution to security management, so the CISA is valuable and appreciated by potential employers.

My student asked how he could best prepare for these exams. Would review guides or courses be useful? I responded that I’m skeptical about the long-term value of short cram-courses (for example, “three-day CISSP Prep”); however, longer courses, especially those that provide mentoring and discussion groups, can be useful to committed students. Review questions are useful as diagnostic tools; they can serve to warn a user that a section of the common body of knowledge for their certification exam is missing or unclear. Some exam guides have proven themselves over years to be of value and have now become textbooks in their own right. Shon Harris’ CISSP All-in-One Exam Guide is now in its Fifth Edition and has 1,216 pages – more than the Fourth Edition of the Computer Security Handbook (2002) from Wiley.

I admitted that I am completely biased, but I suggested that the Fifth Edition of the Computer Security Handbook (2009)  makes an excellent review text for the CISSP and for the Information Systems Security Management Professional (ISSMP) concentration.

Finally, I mentioned to my student that online study groups can be helpful in preparing for certification exams. In addition to the restricted MSIA-related group we run for alumni of our program, there’s an excellent public site that has a wealth of resources and forums for anyone interested in posting questions and sharing knowledge in our field.

Study well!

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now