This morning I was reading a short piece by Gary Beach, Publisher Emeritus of CIO Magazine in which he asks if he’s “certifiably nuts” for encouraging broad-based, state-administered technology certification programs. The short answer from me- no, not really. I would though, like to support the spirit of Gary’s call with my own encouragement.
Many who know me will attest to the fact that I continually encourage my staff to achieve well recognized, vendor-neutral, industry certifications. In most cases, the response I get from people is movement toward the household-name vendor-specific certifications such as the four-letter C-words. It’s sometimes difficult to get people to think strategically, and if your shop is filled with equipment that’s all painted the same color with the same logos then one might think that a certification for that technology will bring value to the company. It probably doesn’t hurt, that’s true,… but those types of certifications primarily lean toward design, implementation, and operation of those technologies rather than the role played by those technologies in the business.
The higher level vendor-neutral certifications, such as those through ISC2, ISACA, and others require not only many years of experience to qualify to sit for the exams but often also many months of dedicated preparation leading up to the exam (I encourage my students at the University to sit for certification exams soon after passing the course final, and to use the classroom time as test-prep time). These credentials also show a “commitment to the craft,” through the requirements of re-certification after one holds one of those credentials. This “commitment to the craft” is a differentiating quality that I feel is visible to the audience served by the individual delivering the service.
My purpose in writing this article is not to diminish the value of vendor-specific certifications in any way. They have their place, for sure. I do strongly believe however, that certain higher level vendor-neutral certifications are more broadly valuable and are credentials that differentiate the individual in the marketplace.
In the piece referenced earlier, Gary Beach makes a suggestion toward not only vendor-neutral certification but also state-administered programs. Upon my first read, I took this as professional licensing to practice IT, a la the Professional Engineer credentials. He goes on though, and specifically states a non-onerous written exam certifying that an individual has general, broad base knowledge of IT. After all, professions such as truck drivers, home builders, teachers and beauticians have such a thing.
Personally, I lean more toward the former. I question whether we’d be able to maintain relevance and quality of a one-time, state-sponsored written exam. As an example, in how many states have you had a drivers license?… but can you remember differences in roadway regulations from state to state? Perhaps this isn’t the best analogy, but I think it marks an example of at least one of the weaknesses in state-sponsored qualification exams.
The idea of a state professional certification for certain levels of IT engineering may have some legs to it in my opinion. The second decade of the 21st century is so much different than the first, and nothing at all like the decade before that. IT infrastructure is foundational to daily life now. That foundation is also exposed to compromise (eg, Stuxnet) which introduces risk not only to quality of life but also basic public health and safety. Even within the walls of a commercial enterprise, we are beyond the days during which data processing environments can be “nailed up.” Security, governance, compliance, and privacy are factors that have to be thought-into technology infrastructure. Perhaps it’s reasonable to begin thinking about the level of credentials necessary to architect systems of a certain reach or range.
Thanks Gary, for the interesting food for thought.