professional ability

I was skimming through a series of security related sites last week when I came across an article referring to someone described as something like “A Person, M.Inst.ISP, CISM, CISSP, MBCS, CITP, BSc, Director of etc…..” and I found myself wondering what that all actually meant. Yes, I know what the letters stand for, hell I’ve even got a few of them myself, but what do they actually mean in the real world? And because of those letters, would you believe that person knew anywhere near as much about software security as say David Litchfield (Jr), or Charlie Miller, or Thomas Dullien?

Just wondering.

Permanent link to this article:


    • Peter on 2012/03/09 at 12:01 pm

    Would I believe they know as much? The answer is possibly yes for the theory, and a very firm “no” for the practical deliver-me-something-that-actually-works side of things.

    The problem, however, is that HR agencies haven’t got the vaguest clue either and they are tasked with recruiting those people. Lack of knowledge always dictates a swerve to what *LOOKS* safe, so they go for the tickbox process: the more acronyms the better. After all, if said person than still fails to perform it can at least not be blamed on HR..

    As I tend to get the job of digging such multi-acronymed people out of the holes they keep digging for themselves (a job I get by reputation of having done so in the past rather than on the strength of acronym collecting) I actually know for a fact that many are labelled, but few are called to various professions. An ability to produce fancy Powerpoint may get you hired (or contracted), but at some point you actually have to deliver. And guess what?

    That’s when the panic starts, and they get hold of people that *do*. Even if those do not partake in the acronym soup game..

    • Mick on 2012/03/09 at 12:55 pm

    In my career I met a lot of security “professionals” both with and without the post nominal acronyms. In my experience, the ones who were most keen to advertise their qualifications tended to be less effective than the ones who did not need to. Sadly, BCS and CITP (both of which I once held – I have stopped paying the fees) tended to be the clearest indicators of the less technically competent. CISSP is up there with them.

    As you say, the “tickbox” HR recruiters will pick the acronym loaded. Other professionals will pick the ones who can do the job.


    (Peter, you are in danger of becoming my most prolific commenter. You are now commenting on old posts!)

Comments have been disabled.