FOR

Richard Starnes
president, Information Systems Security Association, Bluegrass chapter

For information security to mature as a discipline, we should explore the possibility of a professional governing body similar to that of doctors, lawyers or accountants. Certification seeks to ensure a basic level of knowledge and experience within a general area or in certain areas of specialty. There is no doubt that, because of certification, we have raised the level of professionalism in this industry over the past 20 years. To be clear, I do not believe that we should have a professional governing body administering all certification tests, though that is one approach raised. We already have several certification bodies that are industry recognized, ANSI-accredited and mature. However, it could be argued, these certifications might benefit from the independent review a professional governing body could provide. Independent review would add legitimacy, consistency and help curb some of the “fly-by-night” certifications that we have seen arise in our industry over the past several years.

 

 

AGAINST

W. Hord Tipton
executive director, (ISC)2

Prior to attempting to fix something, one must first be able to identify what is broken. Relevant to the statement above, I would ask, what problem is establishing a board of examiners attempting to solve? Are existing certifications really the problem of today’s federal information security workforce?

The vast majority of industry stakeholders conclude that certifications as they exist today are not the cause of our nation’s information security workforce challenges. Certification, standards and government bodies must instead work in collaboration to establish and reinforce a culture of security within federal agencies and to redirect the leadership toward security as a top priority with the goal of increasing funding for cybersecurity staffing, training and education initiatives.

After all, the efforts of all stakeholders to influence change will have a far greater impact than focusing on one narrow technical specialty.