Cheap and nasty security and risk certification does more harm than good.
You can't miss the growing volume of "certified" security and or risk management offerings
and graduates.
Further evidence of this is seen in the ever-growing list of post-nominal or alphabet attachments
to peoples names and online profiles.
The number of providers, organisations or "groups" that now offer these certification
offerings and abbreviated expert titles is growing too.
Certified what?
You're either qualified and verified, or you're not.
No amount of cheap and nasty day courses or group chats about random, unstructured topics
won't substitute this reality.
Other vocations, trades and professions are clear and concise on this, so too is security
risk management.
There are handymen, and there are qualified tradesmen.
There are lawyers and those that can hold a conversation or know select parts about
the law.
There are doctors, and there are quacks.
Just because there are a growing number of the informal or less stringent qualified graduates
than professionals, doesn't make it acceptable or a profession by proxy.
Entire sectors have been shut down for fraudulent education practices and claims.
The security sector has experienced some of this, with thousands losing "certification"
due to unsanctioned, illegal or completely unfounded training and education practices.
The flat earth believers have a community too; it doesn't make their views and practices
valid.
Both academics and lay people laugh at fabricated and made up theories and practices, no matter
how much they cling to pseudoscience and conspiracies.
Outside professions and the companies or corporates you live and work in see through these poor
standards and practices too.
Some go as far as laughing out loud at some of these titles, courses and content that
allegedly lead to self-proclaimed certification.
Companies that have paid for this training or certification are starting to look at this
practice and are likely NOT to take kindly to wasted time and money sending people on
these junkets, let alone possible fraudulent claims pertaining to qualifications and standards
that are utterly unverified in the real world.
The education and learning sectors are very mature.
There are academic pathways, standards and quality control measures.
They are also adaptive to change, new inputs and positivism practices.
They are not cheap, but a lot goes into quality and consistency.
To be clear, universities then qualitative, collective representative groups such as the
Institute for Risk Management, ASIS, The Security Institute, ASIAL, and the International Association
of Professional Security Consultants are respected and valid pathways for security risk management
education.
If you sit in a classroom for a day or three chatting, do a tick and flick assessment that
is marked in 10 minutes then you get a course photo and graduation certificate……you
have wasted both your time and your company's money.
Security risk management is still developing as a profession with a basis in science and
other verifiable, tested practices.
It's not witchcraft.
The more questionable practices and substandard education undertaken in addition to that which
is visible to the public, the more people think "security" is more quackery than
a profession.
The more you participate in the idea that security can be learned in a day or 3, by
anyone, the more you diminish your competency and the value of security as a science.
Stop it.
You are doing harm to YOUR credibility, the profession, YOUR business and the genuine
security risk management standards and community.
I'm Tony Ridley.
International security risk management professional.
Thank you for watching.
Không có nhận xét nào:
Đăng nhận xét