Does Certification Matter? - Dan Rathbun

www.giac.org

•  
• Overview
  • Mission Statement
  • FAQ
  • Code of Ethics
  • GIAC Ethics Council
  • Code of Ethics - Violation Submission
  • EEOC Policy
  • Proctor Policy
  • Program Overview (PDF)
  • Contact
• Why GIAC
  Certification Matters
• Certifications
  • Roadmap
  • Steps To
  • Security Admin
    • GAWN
    • GCFA
    • GCFW
    • GCIA
    • GCIH
    • GCUX
    • GCWN
    • GISF
    • GREM
    • GSEC
    • GCED
    • GPEN
    • GWAPT
  • Management
    • GISP
    • GSLC
    • GCPM
  • Audit
    • G7799
    • GSNA
  • Legal
    • GLEG
  • GLEG
  • Software Security
    • GSSP-NET
    • GSSP-JAVA
  • GSE
  • GSE-Malware
  • GSE-Compliance
  • DoD 8570
  • Retired Certifications
• Certified
  Professionals
  • Listings
    • G7799
    • GAWN
    • GCFA
    • GCFW
    • GCIA
    • GCIH
    • GCUX
    • GCWN
    • GISF
    • GISP
    • GREM
    • GSEC
    • GCED
    • GSLC
    • GSSP-NET
    • GSNA
    • GPEN
    • GCPM
    • GLEG
    • GSSP-JAVA
    • GWAPT
    • Retired Certifications
  • Profiles From The
    Front Lines
  • Does Certification Really Matter?
  • GIAC Hero
  • Business Card Logos
• GIAC Gold
• GIAC Expert Level
  • GSE
  • GSE-Malware
  • GSE-Compliance
• GIAC Help and Information – NEW
• Challenge Info
• Registration Info
  • GIAC Pricing
  • Challenge Certification
• Exams
  • Practice Tests
  • Deadlines
  • Exam Technical Issues
• Proctor Program – NEW
  • Program Details
  • FAQ
  • KRYTERION Sites
  • Proctor Policy
  • Proctor Forms
  • Computer Requirements
• Retakes & Extensions
• Recertification
• Exam Feedback Procedure
• Grievance Procedure
• ADA Accomodation Policy
• Job Listings
• SANS Portal
• SANS Home
• SANS Software Security Institute
• SANS Reading Room
• Direct Links G7799 GSAE GPCI GSNA GAWN-C GCDS GLFR GLIT GBLC GLEG GCIP GHSC GISP GFSP GEWF GEIT GLDR GCIM GCPM GSLC GCSC GSPA GOEC GISO GISF SSP-CNSA GGSC-0400 SSP-DRAP SSP-MPA GGSC-0200 GSEC GGSC-0100 GPEN GSOC GWAS GWAPT SSP-GHD GCWN GCFA GCED GHTQ GCIA GCIH GCFW GIPS GCUX GAWN GNET GREM GSIP GSSP-C GSSP-JAVA GSSP-NET
•  

• Listings
• Profiles From The Front Lines
• Does Certification Really Matter?
• GIAC Hero
• Business Card Logos

This is the fourth in a series where I am trying to pin down what the true effect of a given certification is. If you hold a GIAC or other information security certification and are willing to be interviewed by email, send a note to stephen@sans.org

Stephen Northcutt - The SANS Institute

• Peter Giannoulis - Information Security Consultant, Access 2 Networks, GIAC Certified (PDF)
• Charles Hamby, GIAC Certified (PDF)
• Lori Homsher - Senior Manager, Advanced Technical Skills, GIAC Certified (PDF)
• Maarten Hartsuijker - Senior Manager, Advanced Technical Skills, GIAC Certified (PDF)
• Kevin Alford - Senior Manager, Advanced Technical Skills, GIAC Certified (PDF)

• An interview with David Fitzgerald - April 2, 2008
• An interview with Kevin McLaughlin - March 27, 2008
• An interview with Gabriele Biondo - February 11, 2008
• An interview with Fred Abell - December 7, 2007
• An interview with Geoffrey Poer - November 28, 2007
• An interview with John Strand - October 3, 2007
• An interview with Stephen Sims - October 2, 2007
• An interview with Jim Hendrick - October 2, 2007
• An interview with Seth Misenar - June 5, 2007
• An interview with Ronaldo Castro de Vasconcellos - April 30, 2007
• An interview with Dan Rathbun - April 30, 2007
• GSEC v. CISSP - March 19, 2007
• An interview with Matthew Romanek - December 6, 2006
• An interview with Andrew Hay - July 2, 2006
• An interview with Chris Cooper - May 3, 2006
• An interview with Leonard Ong - March 29, 2005
• An interview with Don Murdoch - December 3, 2004
• An interview with Brian Stafford - June 25, 2004
• An interview with the GIAC Advisory Board - June 1, 2004
• An interview with Peter Giannoulis - May 21, 2004
• An interview with Shabbir Bashir - May 12, 2004
• An interview with Craig Robertson - April 28, 2003
• An interview with Steven Drew - March 25, 2003
• An interview with Darrin Wassom - March 18, 2003
• An interview with Stephen Northcutt - January 2002

Thank you for agreeing to the interview Dan, how did you get into the information security field?

Well, I'm a 15 year veteran of IT Operations here in New England. I work for a large consulting and engineering company based outside of Boston. After managing IT Operations for a number of years, and showing a sustained interest in security, I was promoted to an Information Security Specialist role. The challenge that I am faced with is to establish the first formal information security program for my company.

Over the past several years security has become increasingly important to our clients. Consequently, our level of commitment to security has a direct impact on our ability to achieve business goals and to sustain profitable growth. The SANS Security Leadership Essentials For Managers course provided me with the knowledge required to be effective in meeting this challenge. It was exactly what I needed to bring the big picture clearly into focus!

What about training and certification?

With regard to my training history, I have attended many classes and earned numerous certifications during my career. Current certifications that I hold include:

• GIAC Security Leadership Certification (GSLC)
• GIAC Security Essentials Certification (GSEC-GOLD)
• Certified Information Systems Security Professional (CISSP)
• Certified Software Manager (CSM)

Certifications that I have also attained include:

• Cisco Certified Network Professional (CCNP)
• Microsoft Certified Systems Engineer (MCSE)
• Certified Banyan Engineer (CBE)
• Certified Novell Engineer (CNE)

So, the fifty thousand dollar question is Dan, does certification matter?

I am firmly convinced that certification matters! As an employee, achieving certification provides me with a sense of accomplishment and an opportunity to demonstrate mastery of the material. I have learned that the anticipation of an impending exam can be a most effective motivator. I have also found that training and certification serve to broaden my awareness of industry best practices. Being exposed to new ideas and methodologies prevents me from becoming too parochial and allows me to maximize my value to the organization.

As a manager, I have always tried to emphasize the training and development of our employees. Fortunately, this is a value that my employer shares. Our organization is committed to promoting a learning culture. We have demonstrated that by making a sustained investment in our employees, we can increase their engagement and maximize their performance. When an employee takes that next step and pursues certification, it just amplifies the benefit and instills them with a sense of professional pride.

However, I believe the primary advantage of certification is that it can provide a tangible financial benefit to our organization. When we can demonstrate our expertise by identifying the various certifications that our IT team possesses, it can serve to build confidence in our capabilities and to distinguish us from the competition. This can result in a substantial contribution to the bottom line.

What do you see as the biggest challenge you will be facing with respect to information security in the next year or two?

Currently we are experiencing rapid growth, both organically and through mergers and acquisitions. The challenge of initiating a framework for information security while simultaneously integrating new acquisitions is likely to keep all of us very busy!

What do you envision yourself doing in two to five years, can you describe what you feel is the ideal job situation for you?

I am fascinated with the challenges of International IT Governance. Our business is impacted by numerous regulations, some of which have overlapping security requirements. I would like to drive the adoption of an IT Governance Framework that consolidates these requirements in order to leverage our IT investments.

Can you tell us something about the person Dan Rathbun is, tell us something about your life?

On a personal note I am a Christian, and an itinerant preacher ministering the word of God throughout New England. My wife Carol and I love and enjoy our six year old twins, Jonathan and Rachel. I also play keyboards in a rock band named Covenant. We released our first CD entitled "Loose Cannon" in 2006! It is a fun project, and it affords me an opportunity to collaborate with some very talented people.

• Listings
• Profiles From The Front Lines
• Does Certification Really Matter?
• GIAC Hero
• Business Card Logos

© 2000-2010 The SANS Institute

SANS Web Privacy Policy: www.giac.org/privacy.php - Web Contact: webmaster@giac.org

Phone: 301-654-7267 | Mon-Fri 9am-8pm EST/EDT

(ISC)² and CISSP are registered marks of the International Information Systems Security Certification Consortium, Inc.