What Makes For Credible Certifications?

Peter Stephenson contributed to a SC Magazine article that featured criteria for credible certifications. I found his comments worthwhile:

"The major question to be asked about certifications and their value is: 'Where does the cert come from and what are its objectives?'

A good industry certification will have several recognizable components if it is to be credible:

  • It is based upon an accepted common body of knowledge that is well understood, published and consistent with the objectives of the community applying it.

  • It requires ongoing training and updating on new developments in the field.

  • There is an examination (the exception is grandfathering, where extensive experience may be substituted).

  • Experience is required.

  • Grandfathering is limited to a brief period at the time of the founding of the certification.

  • It is recognised in the applicable field.

  • It is provided by an organization or association operating in the interests of the community, usually non-profit, not a training company open to independent peer review.



There are credible certifications that are not money-grabs. However, as with anything that promises to improve the acquirer’s status, it is always a case of 'buyer beware.'"

Peter Stephenson is the executive director of the International Institute for Digital Forensic Studies. His organization's new Certified Information Forensics Investigator Certification (CIFI) follows these guidelines.

On a related note, Peter Denning wrote an article (.pdf) two years ago where he defined a profession as having four components:

  1. A durable domain of human concerns

  2. A codified body of principles (conceptual knowledge)

  3. A codified body of practices (embodied knowledge including competence)

  4. Standards for competence, ethics and practice
