Trusting Security?
Trusting your security personnel, your security sources and security references is vital, but so is judging which of them deserves that trust. So how would you know?
There’s a whole forest of security certifications out there, some of them available to anyone, simply by paying for them, maybe take a short, small and general test and then getting the diploma in the mail (or by email for that matter). Having someone present some three or four letter certification after their name is always a plus, and in most cases the unsuspecting person will feign knowledge of the certification presented in order to avoid embarrassment. This is a dangerous route.
Whenever someone presents credentials and certifications, be sure to verify them, have them explain what kind of process lies behind the certification and what it took to achieve it. If the process is lengthy, the demands are high and the person is really proud of the certification, they will have no problem explaining it. They’ll be happy to.
Which Certification to Trust.
There’s really only one organization with a proven track record in certifying security experts – ASIS.
CPP (Certified Protection Professional) is the certification that hangs the highest. Demanding 9 years of security experience, including 3 years in a leadership role of some sort is a high threshold for most security people to cross. In addition to that, there’s the tens of thousands of pages that has to be almost memorized in order to pass the exam… Those are hard as well. This is for security management professionals, and covers the other two as well. Sort of.
PCI – for investigators. Experience in evidence gathering and analysis, education and professionalism are the key words for this one.
PSP – Physical Security Professional. This one signifies extensive experience and education in everything physical security. Threat surveys, design integrated security systems and everything fun.
ASIS is the self proclaimed “standard for security practitioners”, and rightly so. Having someone present credentials not backed by them is often a mistake in the making, and every other certification should be scrutinized thoroughly before being trusted.
If in doubt, visit any of the links above to look more closely at the certifications.