Skirmish Over Certification Process Seen Continuing in 2011
Perceived Allies Split Over New Way to CertifyA skirmish over how IT security pros should be certified surfaced in 2010 and likely will intensify this year, pitting two groups of government veterans with vast IT experience, individuals many see as traditional allies in promoting cybersecurity education.
One side is backed by the Center for International and Strategic Studies, the group that sponsors the Commission on Cybersecurity for the 44th Presidency, which issued a white paper this past summer calling for a new approach to certifying IT security professionals. Karen Evans, who served as the highest ranking government IT official in the Bush White House, and Franklin Reeder, a former Office of Management and Budget executive, wrote the white paper.
The other side is led by (ISC)2, the not-for-profit consortium that offers IT security certification and training, whose executive director is former Interior CIO Hord Tipton. He contends the current regime of certification has served the IT security professionals well. (ISC)2 conducted a survey this fall that it says shows a majority of IT security professionals have faith in the current approach to IT security certification.
What makes this issue critical is the push by the federal government to increase significantly the size of its cybersecurity workforce while assuring IT security pros are qualified to do the job. Indeed, the idea has been raised to require some type of credential for IT security professionals who work for the federal government, a proposal that would be hard to achieve in the near term.
Each side suggests the other side's position is to push their respective agendas. Reeder, in an interview, said he believes the same organizations that provide information security training should not grant professional certifications, contending it could pose a conflict of interest. Tipton contends organizations such as his have created firewalls to prevent such conflicts.
Some supporters of the current system point out that Reeder chairs the Board of Information Security Examiners (Evans and CSIS's James Lewis are directors), a newly formed not-for-profit organization that promotes the new approach to IT security credentialing. Others, though, see Evans, Reeder and their associates merely trying to put into practice what they preach.
The back and forth between the two sides has been testy, at times, but that's okay. Such expression of passion is good for the information security profession, because it highlights the need - whether through traditional ways or new ones - for continuing education for and credentialing of IT security pros. There's no debating that.