Why Certify: Chris Cooper

Why Certify:

May 3, 2006

Chris Cooper, Senior Information Protection, Assurance, and Compliance Specialist, The Regence Group

How long have you been in the field of Information Security and what certifications do you currently hold?

I have been in IT for the past 8 years and off and on for a number of years before that. I just passed the CISSP exam and am working on follow-up paper work. I also hold a Security+, Server+, A+, MCSA, MCSE, CNA, and CSM.

Many people are wondering if a Security Certification really makes a difference, do you feel this has helped your career?

Often times, the harshest critics of IT certification are from people who hold none and don't care to put forth the effort extra and time. I worked at the Post Office 10 years ago and was mocked because I had a college education. This might sound a little trite, but if I encounter a boss or prospective employer who denigrates my education and training again, I'm out of there (with a couple of raspberries and a Bronx cheer for good luck).

I don't want to sound like an education/certification snob, but gaining diplomas and certifications demonstrates a willingness to follow through and to achieve a goal. Certifications are the best thing that ever happened to hard working and ambitious IT types; they're the great equalizer. I hear the often repeated lament, "I can't get a job because I have no experience and I can't get experience because I got no job." Well, the answer to that quandary is to get a lame job (lots of them going around), save a little dough, study real hard, and get a certification. Once that happens, things will change. If they don't, then something has to change for the individual. That could be something as simple as appearance and manner or dress, to thinking outside the box . like volunteering new-found expertise for a charity.

I am a promoting kind of person and really like to see people reach for the .brass ring.. Most people aren't doing that, which is to their detriment. To put it bluntly, they need to wake up and take action.

Do you feel professional certifications have helped your company's overall direction and bottom line?

I highly value certifications and continuing education as a way to become a happier, more effective person. Certifications have helped me stay focused and learn at an accelerated rate. I have also gained some confidence in the workplace. I like to feel that I am not .under the thumb. of the corporation as much as most people. I have no fear of being laid off, fired, outsourced, etc. I now know that I am solidly employable in most job markets. I can't imagine myself looking for work for months on end. I am constantly amazed at how many of my extremely bright coworkers do not care to become a .letter getter. or even want to go to training. I've attended training where my colleagues were playing hooky, surfing the net or half asleep during expensive, company-paid training.

Can you give me your reaction to:

More input. I trust that Foote Partners did the survey in the same manner as the previous five years and that their data is accurate. I'd be curious to see the list of 212 skills, the number of individual salaries they analyzed, what area of the country this survey covered, and the types of industries utilizing these IT workers. Knowing a little more would help, but taking the data at face value, I think there might be other factors than just certifications. This article would be a little more believable with some better data and if the reports for next year indicate the same thing, then there might be something to be concerned about.

What do you think the future for Security Certifications will look like, say three years from now. Will they be more, or less important than they are today?

I'd be curious to hear a management response to why they, all of a sudden, value undocumented skills over certified ones. It's true that there are numerous ways to pass certifications via bootcamps and practice tests that are very close to current exams. That may be a little off-putting to a prospective employer, if they are that involved in IT education to know the score. Another factor could be where the employees are being hired from. Is it overseas? Are IT staff being recruited from employment agencies? Are the uncertified people experiencing a boom this year because more entry-level positions are being filled or are companies re-sizing after downsizing for the past number of years?

I work for a health insurance company with 7000 employees with approximately 8% of them being in IT. The percentage has steadily declined since 2000 from roughly 11%. This is not unusual in a company whose earnings suffer when their customers lose jobs and drop of health care coverage. My company has recently adopted a new annual review policy for the employees. Until this year, employees were given one of three grades that tied directly to their annual increase (or lack thereof): Superior, Solid, and Needs Improvement. Now there are four grades: Needs Improvement, Core, Key, and Exemplary. On top of this, people at the lower end of the pay range for a given job, will receive a higher annual percentage increase than their more compensated coworkers who receive equivalent annual review grades. My point is, employers may be coming up with new ways to reduce or keep the aggregate cost of human resources at a manageable level.

I notice you hold a lot of certifications; is there any particular reason you do not hold any GIAC certifications?

No reason other than I only began to work in IT security full-time this last fall. My previous jobs in IT have been as a server admin, a supervisor of a desktop application deployment team, and a supervisor of a multi-state team of PC techs. So, my certifications were better suited for what I was doing at the time.

Do you plan to obtain any GIAC certifications?

Security has been an aspect of each of my previous job, but not the primary focus. I attended the SANS Intrusion Detection course last October and was very impressed with the quality of the training. I just submitted a request for the SANS On-Demand 401 Security Essentials course and expect to begin in the next 3-5 weeks. I will definitely seek the GSEC certification after I am finished with the 401 course.

Where do you think you will be three years from now career-wise?

I will be a technical lead in the IT Security team I work for now, or will take a job with the Federal government doing the same thing.