Cybersecurity Certifications: Practical Advice for Technology Leaders

As organizations undertake digital transformation initiatives, cybersecurity concerns rise in significance. Digital transformation efforts often lead to the selection and implementation of new technology solutions, increasing the complexity of the computing environment and, therefore, increasing the attack surface of the organization. Cybersecurity professionals must remain at the top of their fields, keeping abreast of changing technologies. Certification programs provide IT leaders with an objective yardstick as they evaluate their teams’ existing skills and identify potential skill gaps.

Certifications provide a relatively low-cost way to learn new technologies in a structured manner and demonstrate knowledge of core content through a standardized exam. But the siloed nature of the IT field makes it impractical to have a single broad-based IT certification program, like the Certified Public Accountant certification that is used within the accounting profession. For this reason, senior IT executives must create a security certifications approach that is tuned directly to their individual organizations’ needs.

IDC recommends that CIOs consider the following:

  • Identify clear goals for your organization’s use of cybersecurity certifications. Are certifications used primarily as a candidate screening tool? Will you support current employees earning additional certifications as part of their professional development? Will the organization provide financial support for continuing professional education?
  • Evaluate the appropriate role for certification programs in your hiring process. Do your job descriptions contain listings of mandatory certifications? If so, are these certifications truly mandatory due to legal or contractual requirements? If not, can the job description be modified to prevent screening out otherwise qualified candidates?
  • Leverage certification as a tool to fill critical skill gaps. When you face critical skill gaps in your cybersecurity team, consider using certifications as an incentive to encourage cross-training of existing staff.

Security certification programs are a valuable tool for employers seeking to hire and retain qualified staff. As with any professional development effort, certification efforts should be strategically planned and tactically monitored. For more information, see Security Certifications: Seven Things CIOs Need to Know (Document #US44117518 on

Mike Chapple is an adjunct analyst with IDC’s IT Executive Program (IEP). Learn more about what IDC’s IT Executive Program can do to help you lead your business by visiting


Martha Rounds, Research Director
