There are many times in our lives when, armed with a new certification or accreditation, we were given new responsibilities. From the day we received our first driver’s license to that college or advanced education degree, we remember the feeling of finally having that little document in hand.
But, in reality, none of us knew much more that day than we did just a few weeks before. We had a piece of paper, and that’s about it. In fact, it takes years after the academic achievements to become proficient in anything, from driving to IT security and all points in between. The fact remains that most people achieve adeptness at a particular skill through hard-fought lessons learned.
The same is true in IT network environments. There are many certifications available to the information security workforce, and rightfully so. Certified Information Systems Security Professional (CISSP), Security +, or Certified Ethical Hacker (CEH) certification programs can get individuals the baseline training they need to perform their job well. Nevertheless, that newly ‘certified’ security expert will be a better employee only after having spent several years accumulating real-world lessons in the workplace.
It’s the proverbial ‘rubber meeting the road’ situation; one that companies and certification programs should take into account when developing training programs. For organizations to truly maximize their training investment dollars, employees should be sent to certification programs that infuse practical applications into the curriculum. Here’s an example: The best training sessions are ones that are built up over time using lessons that were learned by program managers, task leads and team members on the jobsite. We see this in certain DoD Information Assurance Certification and Accreditation Process (DIACAP) Advanced Validator Courses that walk participants through step-by-step processes on how to ensure a new system meets the Defense Department’s security standards. What’s more, programs like these are an even greater value if they integrate well with other courses. In the DIACAP case, the best options are ones that enable students to apply for certification as a Fully Qualified Navy Validator for information systems.
That’s just the beginning, though. For employers, it’s also beneficial to recognize that the training of an individual in areas like this doesn’t end when he or she returns to the office with a piece of paper stating they are certified. Continuing education and fine tuning of the craft is as essential to developing and – more importantly – maintaining proficiency. Organizations should therefore provide those who attended training programs the opportunity to routinely practice their new skills within the workplace to get the most return on the training investment.
Better yet, those who have recently returned from certification and training programs should set up their own internal continuing education workshops for other team members. There are two benefits to this approach. First, it requires the individual to take responsibility for refining their new skills and then pass it along to others. It’s a job that most will take seriously, as their performance and that of their team members will reflect upon their ability to share knowledge. Second, setting up internal education workshops builds solid bench strength within an organization and provides a greater return on investment for the cost of sending that one individual to training.
There is no question that certifications can be useful – highly so in many cases – but it’s the ability to understand and apply focused skills that sets an employee apart as a dependable team member. All graduates should be equipped with the tools necessary to do just that.
Hamlin Tallent, RADM USN (Ret.), is the president of Sentek Global, providers of government and commercial information technology solutions, including security, program management, strategic consulting, engineering, software development and acquisition support.