The Certification Balance

Are cyber certifications truly proof of competency? Can we apply the saying “the more, the better” to certification?
“Boost your career with certification”

“Find the most popular cyber certification”

“Which certification is right for you?”

The cyber certification business online is huge. Lists of certification are extensive, each certification focuses on different cyber aspects and focal points may be confusing.

Are certifications proofs of competency?

Like any exam, certification is first and foremost proof of achievement of an exercise at a point in time. Does that mean that a person is legitimate to talk about cyber or, in particular, about ICS security? At BxC, our opinion is a clear “NO.” Certifications are proofs of completion of a specific type of exercise. Some certifications might require you to remember by heart information (in the age of digitalization, does it make sense to learn by heart a list of ports when it can be found in a few seconds online), others might create situations that can be considered as far from daily reality.

Therefore, certification is proof of someone’s ability to learn a topic according to the defined rules. At first glance, it does not mean anything about the person’s ability to implement or adapt a solution in your environment. However, it is too often considered as the number-one success factor in projects, whereas the ability to replace expert knowledge in a business context is often neglected. Without this soft skill, the know-how is fruitless for the enterprise.

Focus on training and not on certification

Instead of focusing on certifications, rather dedicate your time and energy to training: extend your knowledge of the field of choice, discover new aspects of cyber that might yet be unknown to you. You can choose your training based on the topic of your choice. The major certification authorities have very valuable and recognized training that is permanently reviewed and improved to bring the best content.

Do not underestimate the importance of practice: you forget what you do not practice very quickly because your brain focuses on your day-to-day challenges. Make sure you have enough spare time from your daily tasks to settle and deepen the learning in exercises and on-the-job practice activities.

In the resume and in interviews too, training and personal development can be put in the spotlight to highlight adaptability and recent learning.

Price of certifications and trainings

Certifications are covered mainly by employers as a sign of recognition. This is, in particular, the case as the price of certifications and renewal fees are onerous and represent a significant investment for companies. Training length is often around a week.

However, prices keep increasing in the past years. The cost of some of the most famous training like SANS has been more than doubling in the past five years. Choose your training wisely according to your field of interest and expertise to ensure you can prove it is worth the investment.

BxC Take Away

Certifications are not proof of the ability to advise in the cyber environment. A long list of certifications in the email signature of a person does not give you any valuable information on his ability to deliver a specific project activity and does not dispense a careful interview before collaboration. At BxC, we advise our clients to choose their project team on a broad set of criteria. Certifications are not on top of this set.

In your career, rather focus on a small number of good trainings rather than many certifications. In general, a few (2 or 3) certifications, well-chosen, are enough to make anyone go through the standard HR gateways. Then, experience, lessons learned, real-life cases will prove to have much more value if you can explain how it brings benefit to the project you want to join.