I’m Certified! Now What?
A marathon runner often trains for years to build the skills and endurance necessary to make it to the finish line.
Once he’s achieved his goal, caught his breath, had some water and treated sore muscles, it’s time for him to focus on his next steps. How will he make the most of his accomplishment? Should he start right back up training for another event or use the skills learned to pursue new activities?
Preparing for and attaining an advanced professional certification is the mental equivalent of training for a marathon. They may not be logging miles on a jogging path, but IT professionals pursuing certifications certainly put in hours of mental training when learning the information, understanding the guidelines for optimal test-taking performance and applying their expertise at work each day.
However, similar to the marathon runner, once an IT professional achieves his goal, he is faced with the question: “Now what?”
Share the News
Many certifying organizations provide newly credentialed individuals with template news releases or similar announcements they can send to local magazine and newspaper reporters; the editors of their organizations’ internal newsletters, intranets and alumni newsletters; and editors of other publications.
Also, all superiors and department leaders should be aware when employees achieve a new designation. Not only can a certification clarify and validate areas of expertise, but it can lead to increased responsibility and leadership opportunities.
In addition, it’s important for an organization to know how many credentialed individuals it employs, because having a heavily certified workforce could bring in more business. For example, IT auditors at many auditing firms are expected to hold the CISA certification, and clients often ask how many CISAs the firm has as part of their preproposal qualification questions. The same applies for other designations such as CompTIA Security+, Certified Systems Professional (CSP), Certified Fraud Examiner (CFE) and Project Management Professional (PMP).
Further, IT professionals should make sure to update their profiles on sites such as Facebook and LinkedIn and, if appropriate, alert other members of groups to which they belong. In addition, they should remember to update business cards (print and electronic), e-mail signatures, resumes and profiles on career-related Web sites.
Put It to Use
Earning a certification is not the end of a process, but rather the exciting beginning of an upward path. Challenge the status quo and improve personal contributions, as well as those of the company by coaching colleagues in your own and other departments. It will not only improve their productivity but also enhance your leadership and management skills.
Knowledge gained from pursuing a certification also can be used on a daily basis in the workplace.
“In my audit reports, I usually refer to the knowledge and standards that were required for me to gain my designation,” said George Ataya, CISA, CISM, CGEIT, CISSP, managing partner of ICT Control SA-NV in Brussels, Belgium. “This indicates a level of professionalism of my activity and shows my audience that I really use the rich body of knowledge that I have gained. I also mention my designations in a subtle way so my audience understands that my activity is inspired by structured, not improvised, knowledge.”
Expand Your Network
In addition to updating social media profiles, many certification holders join certification-specific groups on sites such as LinkedIn and Facebook. Ask questions about how others have benefited from attaining this certification, and actively participate in ensuing conversations. This not only provides additional ideas about how to make the most of a certification, but also solidly links your name with your certification.
Attend chapter and national or international events, or — better yet — volunteer as a speaker at these events and share experiences. Many organizations offer continuing professional education (CPE) hours for delivering presentations. In addition to making a positive contribution to the profession, this builds confidence and enhances your reputation among peers.
“After you attend a conference, you build an incredible web of other professionals who will help you at any time,” said Evelyn Susana Anton, CISA, CISM, an independent security consultant in Venezuela. My success is mainly due to my certifications. [For example], I’m helping a large university improve IT physical and logical security using COBIT and Val IT, two valuable international frameworks that I had increased knowledge of because of my certifications.
“[And] before my current position, I worked for 19 years for UTE, the national electricity company in Uruguay,” Anton continued. “I was the IT security manager. While certification was not required, it was extremely helpful in my position. I created and developed the IT security department, and I gained expertise by networking with other members of the professional association that offers certifications and by attending its international conferences.”
Display the Accomplishment
If you have dedicated office space, frame the certificate received from the certifying body and hang it in a prominent position on the office wall. Or find a noticeable place on a credenza or shelf. Some certifying organizations provide pins, and you definitely should wear yours, especially in the workplace and when attending workshops, conferences and training events — both internally and outside the office. After all, you may run into a potential new employer while walking down a hallway or during a meeting, and the pin could start a discussion about your accomplishment.
Consider a Job Search or Raise Request
Studies by independent research firm Foote Partners LLC show that attaining one or more certifications can result in a significant pay premium. Many employers place a high value on well-respected certification programs and are willing to reward employees with bonus pay or salary increases, even as the economic recession continues to exert pressure.
In its “2009 IT Skills and Certifications Pay Index” report, which assessed the pay premiums for 371 skills and certifications, Foote Partners found that while 60 skills and certifications declined in value, 46 increased in value.
Newly certified professionals should check with their employers to see if their accomplishments merit a raise or other compensation. If not, and if you’re in the market for a new position, consider searching by certification on a job-search Web site.
“When I earned the CISA certification, my company gave me access to more complex audit assignments,” said Ataya, who achieved his first certification in 1992 and his most recent in 2008. “After receiving the CISM and CISSP designations, I could develop new lines of services that I offered to clients.
“In addition, we have founded the chamber of IT Expert Witnesses, and to belong to this organization, which assists the Belgian legal system, professionals should have a Certified Internal Auditor (CIA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) certification,” he said.
Attaining a certification also helped elevate the career of Richard Brisebois, B. COMM, CGA, CISA.
“I had been a financial auditor and generalist performance auditor for more than 20 years when I decided to seek the CISA certification,” Brisebois said. “Even though I always had a keen interest for IT — especially for electronic sampling and data analysis — this certification changed the way I was perceived inside and outside the office. I am convinced that my passion for IT audit and the credibility of the certification helped me get promoted to audit principal leading the IT performance audit practice at the Office of the Auditor General of Canada.”
Pursue Low-Cost CPEs
Most of the highly sought-after certifications require a certain number of continuing professional education (CPE) hours to keep the professional up-to-date on the latest trends and guidance, and to maintain the designation. Luckily, more and more certification bodies are offering low- or no-cost opportunities to earn the required hours.
The nonprofit Information Systems Audit and Control Association (ISACA), for example, offers a free e-symposium every month, providing attendees with three CPE credit hours for each symposium they attend. Readers of the association’s bimonthly ISACA Journal also can take a brief quiz and earn additional CPE credits.
Certification holders are in a fraternity of sorts: They know how hard the process is and what struggles new certification candidates are experiencing. Serving as a mentor or facilitating a course to help those studying for certification not only is a way of giving back, but also keeps professionals current and involved in the next generation of staff members.
“Since obtaining my latest certification, I have truly enjoyed sharing my experience with various nonprofit association committees and boards,” Brisebois said. “Volunteering on these committees has helped me pass my knowledge to others, stay current and meet with other professional colleagues from around the world.”
Don’t assume that attaining a certification means that you’ll know everything about the particular area or that you even need to know everything. When confronted with new or difficult situations, consult with colleagues. Other points of view are extremely valuable.
Also, stay up-to-date. Few industries move faster than information technology, so a certification holder needs to keep pace.
“When people are freshly certified, they are still close to the books and theory,” Ataya said. “I advise professionals to refer back to the review manuals and other material they used for their studies. It helps greatly to ensure that they continue to master the knowledge in their professional activity. After time goes by and [they] gain more hands-on expertise, they do not need to refer back to those documents as frequently.”
Finally, keep in mind that even the most seasoned professionals — after many years in the business, extensive travel and a wide array of business experiences — still begin most days asking themselves: “Now what?”
Lynn Lawton, CISA, FBCS CITP, FCA, FIIA, is international president of ISACA and the IT Governance Institute. She can be reached at editor (at) certmag (dot) com.
Certification a Must in Today’s Economy
Certification is not just a nice-to-have in organizations today — it has become a near requirement for professional advancement. And there is a growing global appreciation for certifications, most notably in the Asia Pacific region.
At RSM Bird Cameron, for example, all IT systems audits must be approved by a certified person. Systems auditors who have passed the Certified Information Systems Auditor (CISA) examination but are still working toward gaining enough experience to attain the credential must work with a CISA and have their work reviewed and signed off on by the certified individual before it can be released to the client.
The same is true of security reviews: Only Certified Information Security Managers (CISMs) may review and sign off on such work before it is released — and governance assignments may only be undertaken by Certified in the Governance of Enterprise IT (CGEIT) professionals.
I’m often asked by people in the security sector about the benefits of certification. The question usually is: “I’ve been doing this work for years. Why do I need a credential?” The answer is quite straightforward: It gives prospective employers or clients an understanding of your areas of expertise and a view of your professionalism and ethical nature. In some sectors, credentialed individuals are paid higher salaries than those who are not.
All IT professionals should make the effort and pursue the credentials that will benefit their individual careers.
Jo Stewart-Rattray, CISA, CISM, CGEIT, CSEPS, is director of information security at RSM Bird Cameron in Adelaide, Australia. She can be reached at editor (at) certmag (dot) com.