What are the most reliable ways to determine whether a certification training organization is solid? Lots of people who fail a security certification test unfairly give the trainer a bad review, so it's hard to use reviews to know which trainers to choose. What's your advice?
Ask the Expert
Have questions about enterprise security? Send them via email today! (All questions are anonymous.)
First of all, the responsibility of passing a certification test falls solely on the test taker. I've heard too many people blame the supposedly poor training they received from a certain instructor or organization after they failed a certification test. The Certified Information Systems Security Professional exam requires five years of experience as a security professional, for example, which cannot be imparted to a student during a five-day training boot camp. That being said, security certification training programs can be a valuable part of an overall study preparation process that includes self-study, experience and mentoring.
I would avoid any of the boot camp-style training programs, which are only helpful if used as refresher courses for someone who is already familiar with the material. Such programs tend to be the equivalent of cramming an entire college course into a five-day block. It's too difficult to retain that much information in such a short period and still have a fighting chance at passing an exam. Test takers should look for training programs with reasonable timeframes that provide enough time to focus on the core subject matter of the exam.
I would also look for training that is endorsed or financed by the certification body that oversees whichever test is being taken. When compared to third-party trainers, those attached to the certification body will often have better knowledge of the changes in material covered by the most recent tests. The certification bodies also have a strong interest in the quality of their training programs, as they must protect and enhance their reputation.
Finally, co-workers and other professional contacts can be great sources of first-hand information about training programs. Word of mouth may be the best way to learn about the quality of training programs and instructors. This is also a great way to find a mentor, which can be helpful long after obtaining a certification.
The real key to certification success is effort, which may seem like overly simplistic advice to people looking for a quick fix. The most important aspect of any training program is how much focus and effort is exerted by the student, and not the quality of the training program itself. Regardless of the quality of an instructor, a student that dedicates time and energy towards self-study will ultimately pass a certification exam.
Dig Deeper on Information security certifications, training and jobs
Related Q&A from Joseph Granneman
The consequences of phishing attacks could fall on the victims as enterprises start to punish employees who fall for this age-old scam. Expert Joseph... Continue Reading
CERT's ITPM certification is designed to help enterprises with their insider threat programs. Expert Joseph Granneman discusses the certification and... Continue Reading
Privileged users pose a growing threat to organizations. Expert Joseph Granneman looks at this insider threat and shares ways to mitigate it. Continue Reading