Word Notes 3.21.23
Ep 140 | 3.21.23

Certification (noun)


Rick Howard: The word is: Certification

Rick Howard: Spelled: Certification as in a voucher of expertise. 

Rick Howard: Definition: A credential demonstrating an individual's knowledge in the field of cybersecurity, usually obtained by passing an exam or series of exams. 

Rick Howard: Example sentence: The CompTIA Security+ certification displayed the job seeker's expertise with certain fundamental cybersecurity concepts. 

Rick Howard: Origin and context: There are hundreds of cybersecurity certifications issued by a wide range of organizations, including educational institutions like Fairfax University, vendors like N2K, and industry associations like the International Information Systems Security Certification Consortium or (ISC)², each focusing on a particular area of cybersecurity, like cybersecurity best practices, or CISSP Prep for Certified Information System Security Professional Certification, or HCISPP Prep for Healthcare Information Security and Privacy Professional Certification and Six Sigma expertise. The non-profit (ISC)² began issuing the very first cybersecurity certification, the CISSP, in 1994. But many certifications have an expiration date or require the holder to earn continuing professional education credits or CPE credits. The CISSP, for example, as of this broadcast, requires applicants to pay a $749 fee to take the exam as well as an annual $125 maintenance fee.

Rick Howard: The certification is valid for three years, by which point the CISSP holder must have submitted 120 CPE credits or retake the exam. While certifications can be useful benchmarks for potential employers as well as providing constructive education for certificate seekers, there's been some criticism in the industry surrounding these certifications. Joanna Burkey, CISO at HP, told Infosecurity Magazine last year, "Especially when cyber was a new domain, certs were often used to reflect a degree of knowledge in this emergent space, which was useful." However, InfoSec certs have become somewhat diluted over the years and are used too often as a checkbox way to pre-qualify candidates. "This expected-by-default mentality can be exclusionary to people without certs who may actually be the better candidate." 

Rick Howard: Nerd reference: In 2022 on the YouTube channel called Clips, David Bombal and Corey Ball discuss whether or not certifications are worth the effort and price. 

David Bombal: So, Corey, tell me, certifications, are they important in cybersecurity? Give us your take on certifications. 

Corey Ball: Yeah, so I, I have a handful of certifications and to list them all out might be annoying, so obviously as someone that's partook in them, uh, I would say yeah, they, they do hold a lot of value if you're trying to break into cybersecurity. They are one of the greatest helpers to do that. You have some knowledge and you can develop that into something more. And certs help a lot with that. Um, so getting your foot in the door for interviews, uh, certs provide a lot of value there. Um, and as long as you're going through, you're studying the material, you're getting your hands on the keyboard, you're testing out labs, you're, you're building that experience. Then the, the, if the start is the thing that drives you to do that, then that's a great way to build that experience.

Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.