What are the most reliable ways to determine whether a certification training organization is solid? Lots of people who fail a security certification test unfairly give the trainer a bad review, so it's hard to use reviews to know which trainers to choose. What's your advice?
Ask the Expert
Have questions about enterprise security? Send them via email today! (All questions are anonymous.)
First of all, the responsibility of passing a certification test falls solely on the test taker. I've heard too many people blame the supposedly poor training they received from a certain instructor or organization after they failed a certification test. The Certified Information Systems Security Professional exam requires five years of experience as a security professional, for example, which cannot be imparted to a student during a five-day training boot camp. That being said, security certification training programs can be a valuable part of an overall study preparation process that includes self-study, experience and mentoring.
I would avoid any of the boot camp-style training programs, which are only helpful if used as refresher courses for someone who is already familiar with the material. Such programs tend to be the equivalent of cramming an entire college course into a five-day block. It's too difficult to retain that much information in such a short period and still have a fighting chance at passing an exam. Test takers should look for training programs with reasonable timeframes that provide enough time to focus on the core subject matter of the exam.
I would also look for training that is endorsed or financed by the certification body that oversees whichever test is being taken. When compared to third-party trainers, those attached to the certification body will often have better knowledge of the changes in material covered by the most recent tests. The certification bodies also have a strong interest in the quality of their training programs, as they must protect and enhance their reputation.
Finally, co-workers and other professional contacts can be great sources of first-hand information about training programs. Word of mouth may be the best way to learn about the quality of training programs and instructors. This is also a great way to find a mentor, which can be helpful long after obtaining a certification.
The real key to certification success is effort, which may seem like overly simplistic advice to people looking for a quick fix. The most important aspect of any training program is how much focus and effort is exerted by the student, and not the quality of the training program itself. Regardless of the quality of an instructor, a student that dedicates time and energy towards self-study will ultimately pass a certification exam.
Dig deeper on Information Security Jobs and Training
Related Q&A from Joseph Granneman, Security Management
Expert Joseph Granneman offers advice to enterprise security teams on using open source intelligence tools to learn about potential threats.continue reading
(ISC)2's HCISPP certification has many potential benefits for health information privacy and security. Expert Joseph Granneman examines them.continue reading
Expert Joseph Granneman explains important business skills information security pros need -- and how to acquire them -- as the discipline matures.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.