The type of certification program you speak of already exists today. There are a number of universities out there that offer certificate programs in network security, security management, etc. These programs typically include writing assignments, lab work with real world security solutions, projects, etc. Unfortunately these programs get zero respect in the real world. Granted there are a lot of them out there so there is some question as to the legitimacy. How about programs certified by DHS/NSA? Might not be a perfect system for measuring but a step in the right direction.

While we're at it, we should talk about full degree programs. Its a sad day when a recruiter tells you that you should put your CISSP higher on your resume than your undergraduate or graduate degree that specializes in some area of security.

Just to think out loud, instead of adding another certification to the already bloated collection, how about some type of methodology that could be incorporated directly into the interview process that would allow a manager (who may or may not be a security expert) to evaluate a candidate right there on the spot.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/443/34510#34510