Security Certifications Highly Valued But Not Always Verified

New study shows IT leaders place the greatest value on cybersecurity certifications, but nearly half rarely confirm legitimacy of new hires' credentials.

Kelly Sheridan, Former Senior Editor, Dark Reading

September 13, 2016

Employers often require tech certifications to gauge the expertise of new hires. Unfortunately, many businesses fail to verify credentials before extending job offers - a dangerous move when seeking cybersecurity talent.

This finding comes from a new pool of research from IT staffing solutions provider TEKsystems. Researchers polled more than 300 IT leaders (CIOs, IT VPs, IT directors, hiring managers) and 900 IT managers to gauge the perceived value, legitimacy, and compensation impact of tech certifications.

Just 52% of IT pros always/often accurately present certifications on their resumes. Many embellish their certifications to avoid having their applications automatically filtered during the hiring process. Some "self-certify" and add credentials because they believe their work experience has given them sufficient technical knowledge for the role.

It's not hard to get away with this, either: nearly half (49%) of IT leaders rarely/never verify employees' certifications, and only 26% always/often do. Some skip the verification process to quickly secure talent in the competitive IT landscape, explains TEKsystems market research manager Jason Hayman.

"If someone checks all the boxes, they're going to have more offers," he says. "The employer has to move quickly, and taking the steps back to verify will slow the process."

For some types of certifications, failure to verify doesn't have a tremendous impact on the organization, he says. If you hire a developer who doesn't have the right expertise, you might end up being slow to market or exceed your budget.

However, the same mistake can be disastrous when recruiting security talent.

"With security in particular, it can have such a huge impact on the organization if [you] make a bad decision," Hayman explains. If a security architect comes in and builds a framework without the right expertise, your business could be making news headlines as the latest breach.

Cybersecurity certifications are most valuable, 45% of survey respondents say. Security far outranks programming/development, in second place with 22%, as well as project management (21%); software engineering (10%); data analytics (7%); and cloud (7%).

Some security credentials are valued more than others. TEKsystems found the most in-demand InfoSec certifications include Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), CompTIA Security+, GIAC Security Essentials (GSEC), and Certified Information Security Manager (CISM).

In order to hire the right talent, it's essential for IT leaders to brainstorm the specific skills they need and means of verifying whether employees have them.

"Every organization wants to get what they pay for when it comes to hiring talent," says Hayman. "A certification might prove knowledge, but it doesn't necessarily prove competency."

It doesn't make sense to demand certifications for the sake of it. IT leaders should consider the responsibilities of each role, and the requirements of each certificate, to determine whether the two align.

They should also be more diligent about screening candidates to ensure their skills meet business requirements. This means going beyond the traditional job interview to test potential hires and check references from their superiors and colleagues.

Respondents agree employers should pay for these certifications, a trend Hayman believes is on the uptick as competition for talent increases. Businesses will need to find ways to differentiate themselves to become more attractive to a small pool of skilled employees, and they can use education to appeal to IT pros.

This could potentially inspire more tech employees to enter the security field. "IT pros really value the long-term career growth that certifications provide," says Hayman. He encourages businesses to offer these educational opportunities to current employees and potential candidates to retain and recruit talent.

About the Author(s)

Kelly Sheridan

Former Senior Editor, Dark Reading

Kelly Sheridan was formerly a Staff Editor at Dark Reading, where she focused on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.
