Case Study in Certification Mandates
As IT certification has become a more accepted and reputable way to verify aptitude, more organizations are implementing credentialing mandates to ensure a certain level of skill among their employees. One such company is Advanced Internet Security (AIS), which designs and implements security solutions, many of which involve Symantec products and services.
“It’s a pretty strong mandate,” AIS President Gary Cannon said. “We require that (AIS) consultants and engineers maintain their certifications on all Symantec products. We have a number of customers who’ve settled on Symantec as their security solutions provider. We want to be able to support them across that panoply of products, regardless of whether it’s on the lower end—anti-virus and other administration-type products—or full-security products. We are pretty aggressive about enforcing that policy. We all feel that it’s in our best interest. We made the decision some time back to have that as our policy, and we’ve strengthened our relationship with Symantec as a result of that. I think it gives us an edge on a number of our competitors.”
This certification mandate can be a selling point when discussing deals with potential customers, Cannon said. “When we’re contacting new clients, we provide that information as part of the initial communication. We explain the Symantec Certified Security Practitioner, as well as the CISSP certification. I think that helps with our credibility in our initial engagement with customers.”
Cannon provided the example of its negotiations with Pyrotek, a provider of molten metal transfer systems, aluminum refining and filtration systems and high-temperature materials for the aluminum industry. A few years ago, Pyrotek started to fortify its IT security infrastructure with Symantec products, but didn’t have the time or resources to develop security expertise internally. The company eventually selected AIS to implement the solutions because its expertise in information security and Symantec solutions was verifiable due to a combination of experience and certification. “They were looking for a solution provider that could support them across the board on their security infrastructure, so I think (certification) was an important factor,” Cannon said. “I think the other thing that helped was they had gotten some recommendations from Symantec representatives about our capabilities and the certifications that we held. We back up all of our Symantec certifications with more practical experience. We run almost all of the Symantec products we support in our lab regularly. We’re constantly installing, reinstalling and playing around with the products to enhance our expertise in that way.”
Companies cannot always rely on IT certifications as a measure of competency, though. “There are a lot of what I call ‘paper certifications’ out there for people who are just good at taking tests,” Cannon said. “I think that due diligence would require somebody investigating a little bit more about what’s behind the certifications that a company has, whether it’s Microsoft, Cisco, Symantec or any other vendor that has a certification program. A lot of certifications don’t really require any demonstration of technical expertise. They’re more of a paper test than a hands-on test. I lean more towards a combination certification that requires a demonstration of technical expertise as well as the ability to demonstrate fundamental knowledge of a product or technology area.”