Posted by: Ed Tittel
Gosh, it seems like infosec topics have dominated the cert news and information lately. Today is no exception, as I report on one of the awards in SC Magazine’s 2013 Winners — namely in their Professional Awards category. This year’s winner is the Certified in Risk and Information Control (CRISC) from ISACA, designated as the best professional certification program (presumably, in the information security field).
Also chosen as finalists were the following credentials: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), GIAC Security Expert (GSE), ISACA Certified Information Security Manager (CISM), and ISACA Certified Information Systems Auditor (CISA). Does anybody else find it curious that only GIAC and ISACA certs made it into the finalist category? I certainly did, so I checked on the Judging Information page to see what it said about how the professional awards, including “Best Professional Certification Program,” were made. Here’s what it says, verbatim:
With the exception of the Editor’s Choice Award recipient, winners in the Professional Awards category will be decided by an expert panel of judges. Like the Excellence Awards, not only are judges advised to review the materials provided by entrants, they also are asked to review any applicable research or analyst reports, product reviews by SC Magazine, and/or any additional documentation/input provided by SC Magazine and/or other Haymarket Media publications. In some cases, the panel may be offered further insight or add additional notes from SC Magazine’s editorial team members who may decide to interview or already have interviewed contenders. There will be one winner chosen per category.
That doesn’t seem like a terribly transparent set of judging criteria, but at least it’s an understandable one. What I guess I find interesting is the focus on news and information from the media company that owns SC Magazine. Aside from mention of “applicable research or analyst reports” (and that would certainly cover a host of sins), everything else seems to come through the Haymarket Media filter. I don’t mean to question the utility or value of any of the finalist certifications designated, and certainly earning the GIAC Security Expert is a lifetime achievement worthy of serious note. But there are a lot more (and more popular and/or more highly regarded, except for GSE) infosec certs out there that could at least have made finalist grade. I wonder at the omission of CCIE Security, CISSP (and its follow-on credentials), any of the ASIS certs (CPP, PCI, and PSP), and more. Very curious! It certainly would be nice to know more about the data and knowledge base from whence the judges drew to make their finalist and best selections.