The real value of certification

When I first landed in the State of Qatar in 2006 with the College of
Technology Project (CNA-Q) and began canvassing the security management
personnel in the country on what their organizational training and
educational needs were, it was astonishing to discover the majority of
the expatriate security managers wanted to obtain the CPP certification
from ASIS International. I didn’t appreciate how popular the
certification had become abroad. Most of these interested candidates
also didn’t feel they were immediately prepared to challenge the
examination process. The expatriates were  from diverse nationalities,
ranging from Qatari to Canadians, Britons, Australians, South Africans,
Indians, Filipinos, French and of course Americans. This eclectic mix
of foreigners seemed to know what they wanted — the CPP certification.

Another interesting point, this foreign mix of security practitioners
did not equate the CPP as an American certification, but a global
certification for international security managers. Why the significant
interest?

The debate continues over the value of security certifications, whether
it is the CPP, PCI, PSP or CFE. Many will argue the certification is
not necessary and is over-rated. Others personally assert the values
and benefits of being professionally certified. What I find quite
interesting, is the first group of 55 international candidates that
took Qatar’s first CPP Review program obviously appreciated the
benefit. Since 2006, interest in the ASIS International certifications
has flourished in the Middle East, and every candidate discovers the
desire to achieve the certification on their own. Many are motivated by
seeing their peers step up to the challenge, similar to the hundreds of
practitioners, from North America who prepare and test every year for a
security certification.  They appreciate the value.

I believe the benefit is whatever each individual seeks it to be. Much
like a university degree in security management is not for everyone
either, nor will it become a mandatory requirement to become a security
professional in most organizations. So why pursue higher education or a
certification? I found evidence that most security practitioners, who
sought certification, did so for the following reasons:

1. They wanted a credible third-party validation of their competencies
Many feel a certification is a validation they are indeed a
professional in what they do. Often a valid complaint from security
managers is that they are not respected as a profession like lawyers,
accountants or even IT professionals. The CPP has evolved as such a
validation for security management professionals. As an example, a very
detailed job analysis is conducted by the independent testing service
which manages the certification in order to determine the tasks, skills
and knowledge which is required as a security management professional.
The results of the analysis are then used to design the domains and
tasks for the examination questions. Practitioners are then tested on
having a sufficient knowledge of relevant areas (domains) and tasks.
Therefore the certification validates, according to industry standards
as garnered from the analysis, a professional’s knowledge and
experience with security management. Executive management understands
and can relate to this type of metric and validation.

2. Peer recognition as a security management professional
Simply put, a security manager can have over 30”“years as a decorated
law enforcement or military officer in a highly respected agency, but,
that does not mean they are a security management professional. The
majority of candidates I tutored toward a CPP or the PCI review process
had extensive and impressive careers in both the military and police.
None seemed to gain any certification or designation from their vast
experience. Additionally, they agreed that although similar in nature,
working in most organizations as security management practitioners
required skills of a completely different domain. Notwithstanding the
management knowledge and skills required to lead the security team and
interact with senior executives. Let’s face it, in most military and
police environments, the personnel are not exposed to physical security
practices or protection of information in a corporate environment and
other skill sets that are expected from a security manager in many
public or private organizations.

---

3. The Challenge!    
Indeed, there are those who will rise to the challenge and seek the
certification, “because it is there.” Although, many would find other
methods of enjoyment in their lives than the torturous, long-hours
spent studying and preparing for the certification exam. Apart from
chapter or other structured review programs, I advise anyone who is
preparing for certification to allot three-months of their lives, and
three-to-five hours per day and more on weekends to spend reading and
reviewing the resource materials required for the 200+ questions on the
exam. When I ran the Qatar CPP Review, we had candidates meet once per
week in the evening as a group but also required everyone to read
between 100 to 300 pages per week of material for three months. In
total, the serious candidates read almost 3,000 pages of material from
the POA and other reference books. Through this ordeal, many commented
that it wasn’t so much achieving the goal of the certification that was
most rewarding, but the journey getting there by learning new
information, networking with peers and a genuine feeling they had
learned a significant amount of information about security management.

The process is not perfect. The highest success rate for successful
certification still remains with the English speaking world. I continue
to see the majority of candidates where English is a second language,
fail to achieve the certification and yet spend hours reviewing the
material and studying. It also does not help that the material is all
in English (except for Spanish reference materials and exams introduced
about 10 years ago). This holds true for most security industry
certifications and the certification bodies have a challenge to examine
solutions toward this issue. Exam translation is a potential solution.
Until reference materials are also translated and accommodations are
made for technical language in any translation, the problems will
continue.

I would agree with many professionals who also believe there needs to
be more industry specific certifications beyond general security
management, investigative, fraud examiner and physical security. The
International Association of Campus Law Enforcement Administrators
(IACLEA) are currently researching the potential of a certification for
their professionals. Recently the International Association of
Professional Security Consultants (IAPSC) inaugurated the CSC
certification (Certified Security Consultant). Expect to see more
industry certifications that cater to specializations.
So, is a certification valuable? The significant efforts by ASIS
International, ACFE IACLEA and IAPSC are certainly indicative of the
need and demand by practitioners for certifications. Then also consider
the thousands of professionals who have a professional certification
and proudly display their credential on business cards and resumes. I
always find the best way to find the value is the next time you meet
someone who is a CPP, ask them if it was/is worthwhile to obtain and
whether it has value.

Dennis Shepp, MBA, CPP, CFE, PCI is an educator, trainer and
independent consultant who spent 26 years as a security management
entrepreneur and more recently as an educator and advisor in the Middle
East (Qatar and Saudi Arabia).