Listing Certifications and Degrees in Signature Blocks or Business Cards
Fellow Security Professionals,
Many of us have received business cards or correspondence that included a line of acronyms following the individual's name. I used to believe this was only necessary with medical doctors and accountants to make sure I didn't go to the dentist to help me find a tax break. Over the years however, I have seen this practice become more commonplace in many other professional fields including IT/Cybersecurity. There doesn't seem to be an acceptable standard on what should or shouldn't be included and I would like to open a discussion to see what others in the field think.
It would only be fair for me to share my opinion first with the very clear disclaimer that it is ONLY my humble opinion and not meant to criticize anyone else’s views or practices. I welcome the discussion and am very interested in hearing about your perspectives.
I always ask myself what the objective is for listing any of my certifications or education before I include them on anything. So far, the only place I have found it necessary is on my resume so I can get through the HR filters and show my qualifications for the position I am competing for. The position I am in now requires I maintain a certain baseline so I do not feel it is necessary to list that information anywhere. The complicated part is that few people outside the field know what the baseline is or even what it takes to attain it which, leads me to believe it is even more unnecessary to include it. This is one of the few instances I suppose it’s easier to be a doctor. When they write Dr. Doogie Howser, MD, everyone already knows they have a PhD and are CPR certified. In this field it is less defined and that is where the uncertainty comes.
The other aspect I sometimes contemplate with is how to handle the certifications and education that are above the baseline.
Overall, my past experiences have led me to believe that listing my certifications and education is unnecessary. Recently however, I have begun to wonder if we as a community are missing an opportunity to open lines of communication by not advertising all the different ways to contribute to the field. My hypothesis is that listing a bunch of foreign acronyms could be the ice breaker to start a conversation with an aspiring Cybersecurity professional. I hope to gain some insight through this discussion and look forward to your responses.
One instance where placing creds in the signature block is useful is employment in the USA DoD (Department of Defense).
The DoD Directive 8570 requires that employees and contractors of the DoD must acquire certifications that demonstrate a baseline knowledge for their job description. So placing earned certification badges or titles in a signature fields conveys a level of confidence when communicating with DoD government officials. For example, the CompTIA Security+ CE satisfies the Information Assurance Technical (IAT) Level II of the DoD Directive matrix, and (ISC)² CSSLP or CSSIP satisfies the Information Assurance Security Architecture and Engineering (IASAE) Level II.
(ISC)² provides a digital badging service through Credly. The service provides a link to individual's earned certificates as well as information such as certificate date validation.