Certifiable Certifications

In the past week, I spent a day proctoring a CISSP exam and a night taking an exam to recertify my CCNP and CCDP. In the course of my professional development activities of late, I couldn't help but contemplate the benefits and pitfalls of both recertification systems.

Take the (ISC)2's stance on certification and upkeep. At the time I certified, I paid $450 to sit for a six hour bubble exam (like the high school SATs) that was, for lack of better words – meticulously ambiguous. I won't comment further on the preparation and the exam itself, but suffice it to say, if certification maintenance involved sitting that exam again, I would let it lapse – gladly. Hence, I was quite pleased to find that money and credits for ongoing studies was all that was needed.

On the other hand, I got my first CCNA by just taking the test sans any studying. I absentmindedly let it expire, and as per Cisco's requirements, took it again to recertify so I could pursue the CCNP. My hands on Cisco experience coupled with my daily on-the-job use of routing and switching skills allowed me to round out my competence with only short, targeted studying. Of course, after three years, I was faced with catching up on all the new (and old) technological developments that I don't practice daily that have made their way onto the Cisco tests.

Cisco's method of retesting to recertify is a win for Cisco. They get money for each exam taken, and the requirement to take exams to keep certified guarantees a steady (albeit small versus their hardware) income. While CCNA candidates arguable could be considered only "book smart", those who pursue higher Cisco certifications – and maintain them – can be regarded as networking professionals (or experts) who possess superior skill sets and represent the upper echelons of technical expertise. By forcing candidates to retest on constantly updated test materials, the breadth of knowledge of the candidates is not only maintained, but also expanded.

By contrast, the CISSP certification is not a very technical certification. It represents the amalgam of a common body of knowledge composed of ten unique security domains. Candidates are versed in physical security to cryptography; from network and telecommunications security to risk analysis. While fire suppression systems and security compliance laws may change, the CISSP candidate understands the impacts of these practices on implementing a well rounded and complete security plan. Maintaining the CISSP certification is more about field experience in a security management role than configuring firewalls and Intrusion Detection Systems.

While each recertification method suits each individual certification's needs, it makes it hard for candidates to pursue and maintain several concurrent certifications. Taking another (ISC)2 certification would require me to devote more time to gaining CPE credits to keep current in both disciplines. Additionally, another Cisco certification would require more studying and more expensive exams on a regular basis.

Certifications are like college classes – electives can be fun; however, you have to declare a major, and potentially a minor. Therefore, I've tailored my professional development activities to revolve around my current base of certifications – CISSP for security and CCNP/DP for next generation networking. When I think of the previous certifications I've achieved and either improved upon or let lapse (MCP, MCSE, CIPTDS, CCNA, CCDA and various other exams on the way to Checkpoint certification and CIPTOS/SS) I'm glad I've "graduated".