Fellow Security Professionals,
Many of us have received business cards or correspondence that included a line of acronyms following the individual's name. I used to believe this was only necessary with medical doctors and accountants to make sure I didn't go to the dentist to help me find a tax break. Over the years however, I have seen this practice become more commonplace in many other professional fields including IT/Cybersecurity. There doesn't seem to be an acceptable standard on what should or shouldn't be included and I would like to open a discussion to see what others in the field think.
It would only be fair for me to share my opinion first with the very clear disclaimer that it is ONLY my humble opinion and not meant to criticize anyone else’s views or practices. I welcome the discussion and am very interested in hearing about your perspectives.
I always ask myself what the objective is for listing any of my certifications or education before I include them on anything. So far, the only place I have found it necessary is on my resume so I can get through the HR filters and show my qualifications for the position I am competing for. The position I am in now requires I maintain a certain baseline so I do not feel it is necessary to list that information anywhere. The complicated part is that few people outside the field know what the baseline is or even what it takes to attain it which, leads me to believe it is even more unnecessary to include it. This is one of the few instances I suppose it’s easier to be a doctor. When they write Dr. Doogie Howser, MD, everyone already knows they have a PhD and are CPR certified. In this field it is less defined and that is where the uncertainty comes.
The other aspect I sometimes contemplate with is how to handle the certifications and education that are above the baseline.
Overall, my past experiences have led me to believe that listing my certifications and education is unnecessary. Recently however, I have begun to wonder if we as a community are missing an opportunity to open lines of communication by not advertising all the different ways to contribute to the field. My hypothesis is that listing a bunch of foreign acronyms could be the ice breaker to start a conversation with an aspiring Cybersecurity professional. I hope to gain some insight through this discussion and look forward to your responses.
Frankly. I rarely read the signature blocks of other people in or outside of my organization in the first place so advertising my long list of certifications and educational studies still seems pointless past the first email in the chain.
Only reason I use it the first time is because of the corporate email policy in the first place. Add to that, 99.99 percent of folks I do interact with are not security people but business people adding a long list of certs over and over only creates more questions than reassurance. Its a nice way of saying most people don't know; don't care or don't know why someone would do such a thing. Ever see a recruiter's email signature with an MBA in the signature? Its just as meaningless to the audience.
Listing degrees and certs is probably best left for academia but adds little, if any benefit in the corporate world.
I will admit that I have stuck my CISSP (and my MCISE, aka M.Sc.) into signature blocks (both paper and virtual) and presentation title slides on occasion. As a famous poster in the forum puts it, context is everything.
But I also have to admit that my first and automatic reaction when I see a string of alphabet soup posted indiscriminately (no, @Lamont29, I'm thinking of someone on the forum who eventually shortened his sigblock to "CISSP + 14 more") is to think of jokes about "size matters" and overcompensation ...
I would never take offense to something like this. In fact, when I first started posting, it was unintended on my part to list a litany of certifications and educational achievements on EVERY response or post - that was an automated systems process that began when I initially created my signature block. I went back to see that there was a check box that I could disable in my automated response. I modified that to stop because I was tired of it myself and not because it may have annoyed others; though, I go out of my way not to be obnoxious.
When this subject kept coming up in the thread, I did think that "hey, maybe they are talking about me?" And why wouldn't you be as perturbed as I am? You see, everybody farts, but when you have to run away from your own fart, then you can only imagine how someone else who smells it gags! (Just a bit of humor, but true!).
Still, I believe that if people put their credentials in their business cards, then that's totally appropriate. You may cross paths with an individual who totally need or requires that information.
I have a lot of certs. I include them sometimes because I am a woman and I run into a lot of people that still assume I'm speaking on behalf of someone who knows (a male) and I'm not the actual person who knows something. I feel like I have to continually remind people that I'm educated and experienced. I still run into a lot of people who are surprised that a woman has done so much.
When I see someone with the alphabet soup, I look to see what I have in common with that person, and use the language of a cert to establish a connection. I also see a person with certs as someone who is taking a role seriously, and who is working on staying current and valuable.
I also sometimes think that the person (like me) needs some validation that he/she knows what he/she is talking about. I have a lot of ego tied up with being knowledgeable.
I spend a lot of time learning.
I'm a sixty year old woman. And a bunch of you are going to read that sentence and dismiss everything I've said.
@PlannerKSH wrote:I have a lot of certs. I include them sometimes because I am a woman and I run into a lot of people that still assume I'm speaking on behalf of someone who knows (a male) and I'm not the actual person who knows something.
Do you want to talk to the man in charge, or the woman who actually understands what's going on? 🙂
@PlannerKSH wrote:I'm a sixty year old woman. And a bunch of you are going to read that sentence and dismiss everything I've said.
True, and sad. But I understand what you mean about having to prove yourself with a cert listing. I have one of my standing sigblocks that lists my published books. (I find that more effective that the cert list.) I pretty much only use it when I'm replying to recruiters and such.
Then there was the time I was sent off to teach in Germany. Had a call with the host, and he was oddly cold. (I later found that the org had badly bungled with the first instructor sent.) While I was on the plane the guy Googled me--and found my entry in Wikipedia. Apparently just the fact that I had an entry in Wikipedia made the reception when I landed a lot different. (This is also what my grandkids' school friends find most impressive 🙂
I now have 9 certifications...nope I'm not going to list all that stuff under my name in my signature block of emails.
My employer likes me to list my ISC2 certs, and my ISACA certs, so I do.
When people start listing rows of certifications/degrees, it starts to invite a pissing match... in my opinion.
Clancy
In my opinion, I think if you are a Security Consultant then I think you should display your credentials because it is a sort of visual validation. It is difficult to show a level of experience or knowledge as a consultant especially to people who do not know you, if you are employed by an organization you would have been validated through HR interviews etc. hence listing them whilst working at a company is not really required. I put mine in my signature for my consulting work but I omit them for the organization that I work for full time.
This is a reply to an old post, but my comment may still be relevant.
I would like to provide an instance where a certification reference might go beyond serving as a job résumé hook.
Many people working Cyber Security/Information Assurance (IA) for the US Department of Defense (DoD) will have to comply with DoD Directive 8570. Some contracts with the DoD require a certain number of contractors have a particular certification for certain tasking. For example, CompTIA Security+ CE satisfies the Information Assurance Technical (IAT) Level II requirement in the DoD 8570 matrix, and the (ISC)² CSSLP or (ISC)² CISSP satisfies the Information Assurance System Architects and Engineers (IASAE) Level II. Including a reference in an email signature to an earned certification required by the DoD 8570 will convey confidence to a DoD government customer that the contractors are trained according to those standards. Also, adding the Credly digital badge will also provide a link to an explanation of that certification as well as the certification holder's valid dates.
Link to (ISC)² page for digital badges: https://www.isc2.org/Certifications/Digital-Badges
Link to DoD 8570 matrix: https://public.cyber.mil/wid/cwmp/dod-approved-8570-baseline-certifications/