Thursday, February 26, 2015

“Security Certifications Are For Fools”

The title for this blog is a comment that one of your colleagues added to an article I read last week.  

While your colleague is entitled to his opinion, I doubt that he gave any thought to how many hard working, highly certified security professionals he might have insulted with his comment.

In 2008, CISO job with a very good Human Resource Director client.   After one of the candidates I delivered to my client completed his interview process, my HR Director client called to give me feedback on the interview. 

During the course of receiving feedback from my client, I learned that the candidate I’d sent to interview talked too much.  This happens sometimes when interview adrenaline flows or when someone has the strength of Communication near the top of their strengths list and they don’t know it.

As I listened to my client’s feedback, a somewhat abstract skill set came to my mind.  When Mike was done speaking, he asked me if I had any questions.  His intention in giving me feedback was to help me fine-tune my recruiting process.

I asked Mike if what he was really looking for in a candidate was someone who knew:

"What to say, When to say, How to say, To whom to say and When to say nothing"

This set of ideas just came to me at that moment.  Mike said YES and told me to write down what I’d just said.

The point here is that we don’t need to say everything that comes to our mind.  Sometimes the audience is not right for what comes to our mind.  Sometimes the timing of our message is not good.  Sometimes what we have in our minds simply needs to stay in our minds.

I don’t think security certifications are for fools by the way.

There is a fine line between having enough certifications to confirm that you’re a student of your profession and having too many certifications.  

While some employers rely too heavily on certifications and turn their hiring process into a check box exercise, most employers like to see some evidence that a security professional is serious enough about their chosen career to have earned certifications to verify their subject matter expertise.