No one should be all surprised that a lot of the legislation involving the Sarbanes-Oxley Act (SOX), PCI and HIPAA is creating a completely new subset of compliance professional. Validating these new compliance professionals, however, is another issue altogether.
But thanks to the IT educational behemoth known as training and certification, we may have an answer on compliance competence sooner rather than later. Yet, one has to wonder if there will be any measurable value behind the new certifications that are being baked right now.
We will eventually see, of course, certificates such as certified SOX compliance specialist or PCI certified engineer, and so on. While certifications such as these may have questionable value, they will prove to be a good starting point for vetting potential employees. Or will they?
All we have to do is take a short walk down memory lane to truly gauge the value of certifications. Just a few years ago, the IT realm was filled with professionals sporting certifications such as MCSE (Microsoft Certified System Engineer), CNE (Certified NetWare Engineer), CCSP (Cisco Certified Security Professional), and many more.
While that may have seemed like a rich pool of potential employees, many CIOs discovered their departments were becoming flush with inexperienced “experts.” The problem has its roots in the artificial value assigned to certifications, which led to the creation of certification boot camps. This is the place where candidates learned how to take certification exams and not how to use the technology effectively in the real world.
Currently, the world of compliance is ripe for the boot camp ideology to kick in. Organizations are seeking compliance professionals at a growing rate, and it is getting harder to find individuals who have the correct skill sets to effectively implement and enforce compliance on IT systems. These dynamics will cause a boon in certifications, which in turn may water down the value of those certifications.
The moral of this story is there will be no shortcuts in finding competent professionals. If anything, it will get harder to separate the wheat from the chaff. Simply put, CTOs and CIOs will have to get involved in the interviewing and hiring process and not leave it solely up to HR to find the ideal candidates.
Frank Ohlhorst is an award-winning technology journalist, professional speaker and IT business consultant with more than 25 years of experience in the technology arena. He has written for several leading technology publications, including Computerworld, TechTarget, PCWorld, ExtremeTech and Tom’s Hardware, and business publications including Entrepreneur and BNET. Ohlhorst was also executive technology editor at eWEEK and director of CRN Test Center.