What's in a certification?

14.12.2006

The most pleasant experience -- if there's any pleasure in quickly being put in one's place -- was sitting for the Certified Information Systems Auditor (CISA) examination some years ago. Administered by the Information Systems Audit and Control Association (ISACA), the test accurately covered what it was supposed to, had no errors of organization or grammar as I recall, and honestly was pretty hard. Twenty-five years of test administration and review was clearly evident. But that wasn't all -- in order to receive the designation, I had to provide proof of work experience, and find two people in the industry to vouch for my qualification and capability. That's a lot closer to the notion of a journeyman.

After this most recent test, scheduled away from home to match this month's work schedule, I met with several members of the Pune ISACA chapter and was invited to give a short talk to the membership. I now know that many of the concerns about certification are the same worldwide. Confidence in the quality and applicability of any certification is offset by uncertainty about its perception and worth in the market.

It boils down to this: The purpose of any professional designation beyond a simple marketing label is to assert capability quickly and efficiently, and shorten the social-dance portion of a potentially productive conversation. A certification, like the notion of a journeyman, means much more if it includes peer evaluation. Being able to assert that professional peers would trust and depend on you means more than any point-in-time evaluation of product-specific or even scenario-specific functional skills.

It's an idea that crosses both industry and international boundaries. This is particularly important for those who might sit a world away from their clients or partners. I might not be able to watch the eyes of a distant potential colleague or service provider while discussing a topic that would reveal knowledge or ignorance, but others can. And in that, there's a world of difference.

Note: Many thanks to Kumar M.S. and the ISACA Pune Board for inviting me to speak and share experiences at the chapter meeting in Pune, Maharashtra. I'm deeply encouraged by the interest and devotion of the information security community members, both new and old. Thank you.