To Certify...or Not to Certify...?

David W. McCoy, CPPMaster Halco Security Solutions Group

What is certification and why should I consider pursuing it? There are a number of prestigious certifications available to security professionals today such as CPP (Certified Protection Professional), PSP (Physical Security Professional), CISSP (Certified Information Systems Security Professional) and CFP (Certified Fence Professional). Each one comes with its own set of qualification requirements and training and continuing education demands.

Professional certification is something that has been a part of American culture for many years. Consider that doctors, accountants and lawyers have been required to be certified for many years. When you ask yourself why, a number of basic reasons immediately come to mind including such things as:

1. Assure a basic level of professional competence

2. Limit newcomers from entering the market until they have achieved the requisite level of experience and competence in the field

3. Limit liability and improve quality by developing and maintaining industry standards

4. Achieve prestige and recognition in a specific field of study

5. Allow consumers to have a basic level of trust in your certified abilities


According to The American Society for Industrial Security International (ASIS):

The simple answer [regarding professional certification] is that to remain as competitive as possible today, you must be certified. The bar has been raised in the security profession and employers, contractors, governments, and even clients are now taking additional steps to ensure that they are hiring or working with the most skilled and knowledgeable individuals in the business. Professional certifications from ASIS International offer them another screening tool, one that has the backing of and credibility of the pre-eminent professional society in the world for those who are responsible for security. http://www.asisinternational.org/certification/certify.xml

The flagship certification programs supported by ASIS include:

Established in 1977, the Certified Protection Professional or CPP designation requires applicants to:

1. Hold a Bachelors degree or higher AND 7 years security industry experience and 3 of those years must be in a position responsible for the security function of a business.

OR

2. Have 9 years experience in the security industry, including at least 3 years of which the person was responsible for the security function of a business.

AND

3. Prove no prior conviction of any criminal offense that would reflect negatively on the security profession or ASIS International and its certification programs.

Established in 2002, the Physical Security Professional or PSP designation requires applicants to:

1. Have 5 years of experience in the physical security field.

2. Hold a high school diploma or equivalent.


3. Prove no prior conviction of any criminal offense that would reflect negatively on the security profession or ASIS International and its certification programs.

ASIS professional certification programs recently became the only type to be awarded the SAFETY Act designation by the U.S. Department of Homeland Security. "The SAFETY Act designation gives ASIS board certified professionals, their employers, and their customers immediate protections from lawsuits involving ASIS certification and the certification process that arise out of an act of terrorism." http://www.asisonline.org/certification/certify.xml

What does this mean to the consumer using ASIS certified professionals? In general, you will have liability protection (related to acts of terror) when utilizing the services of ASIS certified professionals to consult, design, and manage security programs and systems. This is a very powerful reason to seek certification and seek suppliers and employees that have achieved ASIS professional certification.

ISC or the International Information Systems Security Certification Consortium offers six certification programs to information security professionals:

"Technological solutions alone cannot protect an organization¡¦s critical information assets. Employers demanding qualified information security staff give their organizations a leading edge by providing the highest standard of security for their customers, employees, stakeholder's and organizational information assets."
http://www.isc2.org/cgi-bin/content.cgi?page=39

The Certified Information Systems Security Professional or CISSP designation is their foundational program and requires applicants to:

1. Have four years direct fulltime experience as a security professional in one or more of CISSP's ten subject areas

OR

2. Have one year of full time experience as a security professional and a Bachelors degree or a Masters degree in Information Security.

AND

3. Pass a comprehensive examination.

4. Take annual CEU credits to maintain the CISSP certification.

Once an information security professional achieves this level of certification, you can continue into the management, architecture, or engineering certification programs where holding CISSP certification is a prerequisite.

For physical security professional in which the basis of all security includes fencing and related barriers, the American Fence Association (AFA) offers the Certified Fence Professional (CFP) program.

The AFA has a rigorous certification program that recognizes individuals that have demonstrated an ongoing commitment to quality products and improving standards within the fence industry. A certified Fence Professional (CFP) will have a good understanding of the specifications, product quality and installation techniques that will help assure a first class product for the consumer. A CFP must meet a continuing education requirement as well as industry service requirements to maintain this certification. http://www.americanfenceassociation.com/age.cfm?pageid=1580

The CFP certification requires that applicants possess:

1. A college degree with three years in the fence industry.

OR


2. An Associates degree with four years experience in the fence industry.

OR

3. A High School Diploma with 5 years experience in the fence industry.

OR

4. No High School Diploma with 10 years experience in the fence industry.

AND

5. Pass a comprehensive examination.


Each of the designations requires a specific level of experience, demonstration of achievement of a certifying level of subject knowledge and continuing growth of industry knowledge through continuing education requirements.

It would be difficult to argue against the view that all such designations are a benefit to our customers and the security marketplace. They clearly have the impact of raising the

quality of goods and services provided to consumers.

In response to my initial question to certify or not to certify, the answer is a resounding YES! Industry practitioners should certify and as consumers we should seek out certified suppliers and service providers to assure we get the highest quality products and services.