cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
DAlexander
Newcomer III

Listing Certifications and Degrees in Signature Blocks or Business Cards

Fellow Security Professionals,

     Many of us have received business cards or correspondence that included a line of acronyms following the individual's name.  I used to believe this was only necessary with medical doctors and accountants to make sure I didn't go to the dentist to help me find a tax break.  Over the years however, I have seen this practice become more commonplace in many other professional fields including IT/Cybersecurity.  There doesn't seem to be an acceptable standard on what should or shouldn't be included and I would like to open a discussion to see what others in the field think.

     It would only be fair for me to share my opinion first with the very clear disclaimer that it is ONLY my humble opinion and not meant to criticize anyone else’s views or practices. I welcome the discussion and am very interested in hearing about your perspectives.

     I always ask myself what the objective is for listing any of my certifications or education before I include them on anything. So far, the only place I have found it necessary is on my resume so I can get through the HR filters and show my qualifications for the position I am competing for. The position I am in now requires I maintain a certain baseline so I do not feel it is necessary to list that information anywhere. The complicated part is that few people outside the field know what the baseline is or even what it takes to attain it which, leads me to believe it is even more unnecessary to include it. This is one of the few instances I suppose it’s easier to be a doctor. When they write Dr. Doogie Howser, MD, everyone already knows they have a PhD and are CPR certified. In this field it is less defined and that is where the uncertainty comes.

     The other aspect I sometimes contemplate with is how to handle the certifications and education that are above the baseline.

     Overall, my past experiences have led me to believe that listing my certifications and education is unnecessary. Recently however, I have begun to wonder if we as a community are missing an opportunity to open lines of communication by not advertising all the different ways to contribute to the field. My hypothesis is that listing a bunch of foreign acronyms could be the ice breaker to start a conversation with an aspiring Cybersecurity professional. I hope to gain some insight through this discussion and look forward to your responses.

51 Replies
Andy69
Newcomer III

Well, Personally in the past I thought that listing certifications and degress anywhere was unuseful. But now what I notice a little bit everywhere is that the skills on new technologies are often not clear even to those who search for it. There is a lot of confusion. Also in my opinion the certification itself helps to open the discussion channel you were talking about, but if you do not make it known, that channel remains closed. Listing the certifications even where it should apparently not be useful, it can actually help to expand your professional network, exploiting potential unsuspecting intermediaries.

Steve-Wilme
Advocate II

Very good point! I very deliberately became a M.Inst.ISP because I needed network with the other full members. You can do the CESG CCP exams at a senior level and be admitted or you can get via an evidenced and referenced experienced based submission and long interview. Networking gave me earlier visibility of upcoming changes and invited to briefings I'd otherwise be excluded from.
-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Steve-Wilme
Advocate II

Remember the canon of ethics. You have signed up to improving the profession and even mentoring more junior colleagues or those considering entering infosec. If you don't list them are you signalling you're unapproachable, aloof etc?
-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Caute_cautim
Community Champion

A very sensible approach, and yes, I agree it does make one want to engage in thoughtful conversations.

Andy69
Newcomer III

You hit a very important point. Since I began to gain titles in my life, I have always met a lot of people who tried to prove that those titles showed the opposite of what they seemed, that I was incompetent. I think it's one thing: competition ... And then you just have to be prepared. Very prepared. The more titles and skills you highlight, the more you have to prepare to defend yourself, because the titles actually give some competitive advantage that annoys competitors.

Baechle
Advocate I

Steve,

 


@Steve-Wilme wrote:
Remember the canon of ethics. You have signed up to improving the profession and even mentoring more junior colleagues or those considering entering infosec. If you don't list them are you signalling you're unapproachable, aloof etc?

Could you give an example or hypothetical how someone might interpret not listing qualifications as unapproachable or aloof?

 

Eric B.

 

Beads
Advocate I

I would say folks have been most polite in warning of the dangers of overusing post nominal, titles and long lists of certification to the detriment of the person exposing such.

 

Consider much of this discussion to be that of fair warning and avoiding common pitfalls. I see nothing detrimental about this discussion.

Illsteward
Newcomer II


@Baechle wrote:

Steve,

 


@Steve-Wilme wrote:
Remember the canon of ethics. You have signed up to improving the profession and even mentoring more junior colleagues or those considering entering infosec. If you don't list them are you signalling you're unapproachable, aloof etc?

Could you give an example or hypothetical how someone might interpret not listing qualifications as unapproachable or aloof?

 

Eric B.

 


If you really intended to write "not" listing qualifications - that can be seen as unapproachable in only a few cases, such as in a business meeting where you can expect the other party to have had a preparation time, meaning they will likely be aware that you have certain standing. In this case, it is likely to build up a mistrust, as they will wonder why you want to hide that you are a professional from them. But also, even in such case, listing each and every certification in a field is really unecessary.
I would say that for example being SSCP, CISSP, CISSP-ISSAP and CSSLP would only matter if you represent yourself as an ISC memer of long-term good standing, but if you will for example send questions to your company's sub-contractor regarding their IS you want to deploy, listing only CISSP-ISSAP would be appropriate, as the rest is not in any way more relevant to the topic at hand as this one credential.

Lamont29
Community Champion


@DAlexander wrote:

 

     "Overall, my past experiences have led me to believe that listing my certifications and education is unnecessary. Recently however, I have begun to wonder if we as a community are missing an opportunity to open lines of communication by not advertising all the different ways to contribute to the field. My hypothesis is that listing a bunch of foreign acronyms could be the ice breaker to start a conversation with an aspiring Cybersecurity professional. I hope to gain some insight through this discussion and look forward to your responses."


I have had occasions where other security professionals would berate me for listing my credentials. I never let that discourage me though. The purpose of me listing my education and credentials is because this field is a lot about ‘networking’ with other security professionals. I have had a litany of opportunities that I might not have had if it were not for the fact that I advertised my credentials. As you stated, those acronyms can spark a conversation. In addition, someone may be headed in a direction that I’ve already traversed – this could present an opportunity for you to mentor someone as I love doing. I have not made it a habit yet to meet people outside of my immediate or extended family and question them about their educational goals, achievements or plans. Just my thoughts on this subject.

 

 

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC, CDPSE, MCSE
Illsteward
Newcomer II


@Lamont29 wrote:

@DAlexander wrote:

 

     "Overall, my past experiences have led me to believe that listing my certifications and education is unnecessary. Recently however, I have begun to wonder if we as a community are missing an opportunity to open lines of communication by not advertising all the different ways to contribute to the field. My hypothesis is that listing a bunch of foreign acronyms could be the ice breaker to start a conversation with an aspiring Cybersecurity professional. I hope to gain some insight through this discussion and look forward to your responses."


I have had occasions where other security professionals would berate me for listing my credentials. I never let that discourage me though. The purpose of me listing my education and credentials is because this field is a lot about ‘networking’ with other security professionals. I have had a litany of opportunities that I might not have had if it were not for the fact that I advertised my credentials. As you stated, those acronyms can spark a conversation. In addition, someone may be headed in a direction that I’ve already traversed – this could present an opportunity for you to mentor someone as I love doing. I have not made it a habit yet to meet people outside of my immediate or extended family and question them about their educational goals, achievements or plans. Just my thoughts on this subject.

 

 


This is certainly true, the part about networking in communities. And in professional environment, the amount of acronyms behind a name can be virtualy limitless. Sadly, there are communities which will discourage you from such behavior and other communities that will look down upon you. For example, in Czech republic, most universities and some offices won't allow a person to use a professional membership title. You can only choose the diplomas from state approved sections (Di.S., MBA., MSc., Ph.D., Bc., Mgr., or "small doctorate") that are explicitly stated in Czech law, but it's slowly becoming less common with this restriction being lifted slowly. I would like to use my (ISC)² standing as a credential even in some cases (I am still trying to finish university and since I am visiting Cyber Security and Cyber Operative classes, I want the teacher to know that I already have some ground in the field), but this ridiculous depending on pre-defined set of credentials makes it hard...