Why Certify?
1) Gain qualifications for a future job — 59.6 percent
2) Improve or confirm my qualifications for my current job — 55.8 percent
3) Gain greater confidence in my own skills — 41.8 percent
4) Become eligible for positions of greater responsibility with my current employer — 40.4 percent
5) Gain prestige and recognition among colleagues — 32.3 percent
6) Enjoy belonging to a community of certified professionals — 25.3 percent
7) My employer requires this certification — 23.2 percent
8) Gain advanced access to technical data — 20.4 percent
9) Enjoy receiving increased support from IT vendors — 6 percentPeople get certified for a variety of reasons. Two of the most common are to gain
knowledge (education) or to improve compensation (salary). There are other ratio-
nales, however, for earning and maintaining a certification. We asked survey respon-
dents to choose two that have been most influential in guiding their certification
decision making.CERTIFICATION SURVEY
SECURITYOne of the biggest challenges in the
field is a people problem. Nearly 83
percent of those surveyed either agree
(47.3 percent) or strongly agree (35.6
percent) that enterprise security staffs
are too small. The neutral “neither
agree nor disagree” middle ground
was staked out by 12.7 percent of
respondents, leaving a few ticks more
than 4 percent who disagree (3.6 per-
cent) or strongly disagree (0.7 percent)
that security staffs are too small.
Staffing shortages, however, don’t
tell the whole story. A perhaps equally
telling issue is the general lack of indi-
vidual security smarts. Slightly more
than 75 percent of those surveyed
either agree (44.9 percent) or strongly
agree (30.3 percent) that employees
not hired for technology jobs tend to
lack adequate basic information
security training.
Even people who are trained to
work with computers and
information technology (IT)
tend not to know as much
about security best practices as
they should. Three out of
every four survey respondents
either agree (52 percent of those
surveyed) or strongly agree (23.1
percent) that security training of
IT personnel on enterprise staffs —
those who perform specific IT func-tions — is not adequate.
The result is that security staffs
aren’t just contending with outside at-
tacks, but must also continually guard
against gaps in the security awareness
of their coworkers.Equipment and spendingOn top of manpower challenges
and a general lack of security training,
most of the certified information secu-
rity professionals who responded to
the survey believe that organizations
are bogged down by sketchy software,
hardware, and policy protections.
More than 62 percent of respondents
either agree (48.9 percent) or strongly
agree (13.9 percent) that enterprise
security controls are lacking.
That’s compared to just 12 percent
who either disagree (9.9 percent) or
strongly disagree (1.8 percent) that
controls are not up to snuff. (A further
25 percent of those surveyed signaled
a perhaps lesser degree of dissatisfac-
tion with the status quo by choosing to
neither agree nor disagree.)
Old or aging security technology
is also a hindrance. Nearly 60 percent
of those surveyed either agree (47.1
percent) or strongly agree (11.3 per-
cent) that enterprise security controls
are outdated. Some organizations,it would seem, are keeping up with
changes, as indicated by the 14 percent
of respondents who either disagree (12
percent) or strongly disagree (2.2 per-
cent) that controls are outdated. (The
remaining 27 percent of respondents
took no position.)
There is money being invested in
security technology, but most certified
security professionals don’t seem to
feel that security spending is either
carefully thought-out or adequate
to address problems. Nearly half
of survey respondents either agree
(28.9 percent) or strongly agree (17.6
percent) that money for enterprise
security measures is spent unwisely,
while just 15 percent either disagree
(9.9 percent) or strongly disagree (5.5
percent). (Thirty-eight percent took a
neutral position.)
A more serious problem concerns
the amount of money being spent, as
opposed to whether it’s been well-in-
vested. A worrisome 73 percent of
those surveyed either agree (42.5 per-
cent) or strongly agree (31.1 percent)
that there is not enough money being
spent to install or improve security
measures. Just 8 percent either dis-
agree (7.3 percent) or strongly dis-
agree (0.7 percent) that not enough
money is being spent, while 18 percent
neither agree nor disagree.%
(^)
(^)
(^)
(^)
(^)
(^)
(^)
(^)
(^)
(^)
(^)
12