Fellow Security Professionals,
Many of us have received business cards or correspondence that included a line of acronyms following the individual's name. I used to believe this was only necessary with medical doctors and accountants to make sure I didn't go to the dentist to help me find a tax break. Over the years however, I have seen this practice become more commonplace in many other professional fields including IT/Cybersecurity. There doesn't seem to be an acceptable standard on what should or shouldn't be included and I would like to open a discussion to see what others in the field think.
It would only be fair for me to share my opinion first with the very clear disclaimer that it is ONLY my humble opinion and not meant to criticize anyone else’s views or practices. I welcome the discussion and am very interested in hearing about your perspectives.
I always ask myself what the objective is for listing any of my certifications or education before I include them on anything. So far, the only place I have found it necessary is on my resume so I can get through the HR filters and show my qualifications for the position I am competing for. The position I am in now requires I maintain a certain baseline so I do not feel it is necessary to list that information anywhere. The complicated part is that few people outside the field know what the baseline is or even what it takes to attain it which, leads me to believe it is even more unnecessary to include it. This is one of the few instances I suppose it’s easier to be a doctor. When they write Dr. Doogie Howser, MD, everyone already knows they have a PhD and are CPR certified. In this field it is less defined and that is where the uncertainty comes.
The other aspect I sometimes contemplate with is how to handle the certifications and education that are above the baseline.
Overall, my past experiences have led me to believe that listing my certifications and education is unnecessary. Recently however, I have begun to wonder if we as a community are missing an opportunity to open lines of communication by not advertising all the different ways to contribute to the field. My hypothesis is that listing a bunch of foreign acronyms could be the ice breaker to start a conversation with an aspiring Cybersecurity professional. I hope to gain some insight through this discussion and look forward to your responses.
As with many things it all depends ...
If other people in your company or industry sector list their post nominals then it's probably okay to list yours, however only those that are relevant to the context. So if your procurement colleagues put MCIPS after their name, your accountants put FCA, your marketer use FCIM etc your may also choose to use your post nominals. However be prepared for some people to ask, other to assume they just some IT acronym and also be prepared for other to assume there's arrogance in drawing attention to them.
I won't put IT qualifications or courses as post nominals though as it looks odd. The number of times I've seen ISO 27001 LA or ITIL or six sigma after people names!
Personally, I don't do it; mileage may vary for others.
I don't simply because what's the motivation for posting nominals? Few people at my work outside of project managers put their alphabet soup in their signature. I guess the reason is we do stuff to make money. If it doesn't make money, we don't do it. We do a lot of meetings with clients. We don't do much email.
The only reason PMs do it is where the SOW requires a PM has a PMI certification. Even then, it's limited to:
J. Doe, PMP
Is there a belief out there signature block proliferation equals credibility?
Do people not in the know want have knowledge about others' accomplishments?
I have no idea... it's definitely a curious topic though.
For the causal observer would my block of...
J. Doe, MBA, MS, BS, SCJP, CCNA, SCF, CISSP, CEH
...mean more than this:
If so why? I'm genuinely curious about this!
In my correspondence, I don't list anything. I do this for one particular - and a little selfish - reason:
I want my discussions, arguments, and statements to be judged on their own merit rather than be defended by a qualification.
If I am engaging someone in a conversation I want to be both credible and memorable without any assistance. If I failed to do that, then I have some personal growth to accomplish.
In my experience, when I succeed, I often get asked something along the lines of, "Where did you learn that?" That is the opportunity to discuss qualifications, learning paths, and life experiences.
Definitely well said by the others above!
I actually researched this a little over the past few years as I obtained my BS in Information Technology and most recently my CISSP. Like many here, I have a slew of certifications that I've obtained (and maintained) over the years.
The general consensus on the Internet (if there is such a thing) is that, in general, it's frowned upon to do so UNLESS there are circumstances that warrant it. It's apparently commonplace in academia (to establish one's credibility as a first hand source of information) as well as certain industries and professions. As an example, a financial auditing firm would be more likely to have a signature/business card that includes "CPA" or an financial planning agent to have "CFP" to demonstrate that they are certified to perform the work they do (and would not be allowed to do it without that certification). This hold true for medical doctors- they are a first hand source of medical information and cannot practice medicine without that license/degree so the significance of it bears promotion. Although I take a lot of pride in my accomplishments and certainly feel that there are aspects of Information Technology (especially cybersecurity) that should not be handled by untrained or unqualified staff, there is also no legal or regulatory constraint that requires it for the work being performed. As others pointed out, the majority will likely see it as arrogant and pompous and so should be avoided under most circumstances. Like Baechle above, I like to keep it very simple and be judged for being myself. Don't forget the other side of the coin- if you put those degrees/certs out there, you'd better be ready to become infallible in every aspect related to what they represent!!
A typical signature/business card should include your name, company, title and any contact information you wish to share. As others have said, it's during conversations that the degrees, certifications, etc. will be organically revealed when deemed relevant.
There is also another point of view. Historicaly, in several countries (especially in the old Austrian-Hungarian Empire and it's descendant countries) it is common to use the academic or other title as a mean of introduction. Instead of saing "Mr. X" we use "Engineer X." if they have technical education, "Magister X." if they have humanital education and "Diplomed specialist X" if they have a vocational degree. Same with doctorate positions and - in business cases - same with Bc. (though this is not too common yet). In business contact in my country, this is even sometimes multiplied if said person holds various degrees. I had a woman introduced to me as "Missis Magister X Y, diplomed specialist" recently. While the last example is a bit over-the-top, I basicaly feel like HAVING to honor this code and list my highest profesional credential (in my case, SSCP) as not only a part of my signature, but also in e-mails and so on. I got asked once how should I be introduced, and they insisted to call me out as "Mr. Sedlacek, system security certified professional" in the end. So it depends on culture basis as well.
I am of the belief that less is better. If you feel the need to list EVERY certification you have ever accomplished, then it seems to come across as bragging or looking for status. I have seen people with very long alphabet soups after their name. Most times I never really notice the credentials after the name unless it is too long. Then it becomes "Why do they feel the need to put so much info out there?" I am reminded of the Shakespeare quote "Me think thou dost protest too much." In other words, what are you trying to prove by putting it all out there?
I much rather see a list of certifications held in a separate place on the resume, rather than trying to decipher alphabet soup. Also if you have an entry level cert like Security+ and then earn a more advanced cert like CISSP, stop listing the Security+ in your signature block. It is fine to still list it on your resume, especially if the job announcement requires it. Also if you were applying for a job that required it, I wouldn't mind seeing it behind your signature, but don't make me search for it through a whole string of other certs.
I totally agree that my consults should stand alone and not depend on alphabet soup following my name, but there are exceptions. If I am new to the organization I usually list my highest degree obtained along with my most recent certification. I personally feel two-three items listed in a signature does not look ridiculous!
Just my 2 cents!
Email. First correspondence is fine but I drop the signature block on subsequent emails. Over time reading the same 2-10 signature blocks simply feels unwarranted. I do this even if I am forced to delete the organization standard as I go along.
Business cards are another matter as those cards are generally used to exchange information in a business related matter.
If you want to use a business card for social situations, have separate contact cards printed but without the post-nominal information included.
There are two things that happen to me psychologically when I read a message containing a signature block with credentials. The first thing is that I become curious about the credential and the credential holder. The second is that I elevate my expectations about what was written in the body of the message.
In the first instance, it means that I typically look up the credential to see what is required to obtain it. Looking at schools for degrees, and the certification or licensing body for other credentials. I also attempt to figure out how long the person was credentialed for. For example, did they just obtain their degree or certificate last month, or did they have it for the last 15 years?
In the second instance, I’m immediately more interested in scrutinizing the body of the message for mistakes, misunderstandings, or inaccuracies. Not grammar or anything like that. I’m looking for clear, audience-focused communication. The content should be well supported like an academic paper, with references. And the concepts should be sound with acknowledgements made for gaps in experience or understanding. And then… it makes me want to engage in debate… Like good old fashioned academic debate like as in upper graduate courses.
Does anyone else have a similar or different reaction to seeing credentials in a signature?