Where to invest your time in continuing education is a significant challenge facing security executives. The breadth and complexity of today’s security and risk management roles coupled with the expectations of your leadership team mean it is unlikely you can be successful in your career without considering continued education as a way to broaden your understanding of your organization’s business processes. This will advance your opportunities to participate in more meaningful ways.
Candidates often ask us “How do I stay current in my role?” Their initial strategy is to attend security industry events, obtain certifications and network with peers. These are all useful activities especially early in your career. However, if you wish to be viewed as an invaluable asset to your organization on a long-term basis, you will need to move out of your comfort zone. Rather than a sole focus on tactical and operational security topics, consider participation in non-security related educational opportunities that allow you to meet executives from outside your field.
SMR undertook a study in 2015 to attempt to identify how many security-related certifications were available. We exclude those issued by companies that pertained to their products, such as Microsoft Network Engineer or Lenel Certified Expert. To date, we have documented more than 120 different certifications issued by a wide variety of associations.
To further break down the numbers, we teamed with our sister company Security Jobs Network®, which has been gathering information on professional level security roles within the U.S. since 1999. Their database currently sits at more than 65,000 unique security job postings.
The ASIS International CPP is one most often mentioned as the leading certification in security management, so we analyzed SJN’s data to see how often CPP was mentioned in the published listings. In 1999, the CPP was mentioned 2.4 percent of the time. The high point was 2017 at 6.6 percent. In 2019, it dropped back to 5.3 percent.
Our analysis included a wide range of security roles, from CSOs to site manager. The data seems to suggest that only a small number of professional level security jobs consider CPP as a key factor in recruitment for the roles. Another way to view this indicator is that numerically, the number of mid- and upper-level security roles that require memorization of certain areas of knowledge has not significantly expanded.
SJN’s data also suggests that the proliferation of certifications has offered alternative, perhaps more focused paths that cause employers to not necessarily know exactly what they are looking for when they consider hiring for a security role. It is not uncommon to see anywhere from 2-10 “preferred” certifications, none of which are necessarily relative to the role accountabilities.
Going back to the original question about staying in – and advancing – your career, it seems the answer is “It depends on the role” and what your career aspirations are directionally. There is no magic bullet when it comes to advancing your career.
The world’s leading organizations don’t necessarily require their “C”-level executive to be certified in a particular field. Organizations often recruit senior level government and private sector executives to head security organizations. Are they any less capable leaders because they don’t have one or more certifications?
The point I wish to make is that in general, certifications were designed to measure someone’s knowledge in a specific practice area. They tended to be in relatively narrow areas of expertise and required a specified level of continued education to maintain the certification. This is true across numerous career fields from doctors to automotive technicians.
My recommendation is to choose your educational and certification programs carefully. Ensure that the program has clearly defined course material and test objectives that realistically measure relevant knowledge related to your accountabilities in your organization. For those candidates at the beginning or mid-point of their career, certifications can help set you apart from other candidates; however, no certification is an indication of your ability to lead a global program at a senior level of management and any such claim is misleading.
A lot of letters following your name will not advance your career if you cannot demonstrate a record of accomplishments, maturity, leadership and a wide range of interpersonal, non-technical skills to an organization. Today’s security executive needs to expand their business acumen and develop broad organizational skills and competencies in order be valued as part of the leadership team.