To Study or Not to Study? - Security & Risk Management Qualifications, Credentials, Accreditation and Certification
Ridley Tony
Experienced Leader in Risk, Security, Resilience, Safety, and Management Sciences | PhD Candidate, Researcher and Scholar
The question of discretionary study, qualifications and accreditation remains a ludicrous paradoxical notion to established professions such as medicine, engineering, law and education, yet it remains a dominant opt-in/out choice across the security, risk and management disciplines asserting they too are professions.
In other words, you simply don't assume the title of doctor, nurse, lawyer, engineer, teacher or other professional qualifiers without demonstrating considerable, specific, consistent and verifiable, objective education underpining one's qualifications and rights to practice in said area.
How is it then that just about any individual, department or organisation can insert security, risk or management into their job title, curriculum or professional qualifications without any significant education or objective credentials on which it is based?
If the practice of medicine was based purely on vague job title entitlements, 3-5 day short courses, a random assemblance of prior, unverified job functions and membership to a club with medicine or profession in the title... would you trust said individual and methods with your valuables, business or life?
Objective, verifiable scales of knowledge, education, experience and competency are required, which are specific to a particular trade, vocation or discipline.
Not all credentialing, accreditation or licensing organisations or associations are created equal.
A concerning and growing number of said credentialing, accreditation and licencing organisation within the security, risk and management space account for little more authority than a note from your mother saying you're qualified and achieved the required approval to play with all the other children with security, risk or manager in their job titles... including consultants.
Yet organisations, LinkedIn and security and risk departments remain laden with them.
Note: Current or past government service and job title/role is also not a proxy for demonstratable, objectively verified and proven education and qualifications from an approved body or educational institution.
The following framework and mapping provides a function guide and point of comparison for individuals, organisations and buyers
Competency, education and qualifications are not immediate. They take time, effort and typically pass through a series of gateways or milestones to assure completion prior to next level pursuits and status.
I have sampled most of the options. That is, I've been to public school, educated by the government service system (military), private/commercial short courses, registered training organisations, mentoring, corporate training programs, higher education and professional certification by a well established, exclusive cohort of discipline professionals, in additon to pursuing a professional doctorate
The differences are stark, however, nearly anyone can join the security, risk or management ranks overnight with little more than a passion or poor human resources recruitment process as a means of self-validation.
This deficit of security and risk management qualifications and education has become one of the greatest internal risks to the practice of security and risk management... perhaps even greater than many external threats, foreseeable harms or risks.
领英推荐
Moreover, hanging around a hospital doesn't make you a doctor, nor does accumulating frequent flyer points make you a pilot...hence hanging around companies, departments or working practices with security or risk management in the titles also doesn't make you a said professional within security or risk management professions.
In addition to the accumulation of education and qualifications is the degree of practice autonomy and competency associated with professional credentialing.
Like it or not, doing a medical degree in your 70's does not make you an experienced medical practitioner or doctor when compared with those with decades of real-world experience in the area of healthcare, medicine and science.
The same applies to those that have recently acquired titles and short course credentials in the name of security and/or risk management.
This includes the growing number of MBA's asserting it is a proxy for specific security and risk management sciences or profession-specific qualifications. For the most part, it is not.
As unpopular and confronting as this idea and requirement for evidence remains for some (predominately those that don't have any substantiated qualifications or verifiable security and risk management education).
Courts, legal proceedings, government regulators, insurance underwriters/providers and a growing number of relatively objective parties (including consumers of consulting and paid security/risk services) are paying more attention to these self-authored credentials and overnight expertise permeating security and risk departments, practices and informing habits.
As a result, considerable risk and liability are becoming the obfuscated reality of basing advice, investment and practices on the plethora of unsubstantiated and unqualified advice of unqualified, adequately educated, certifiable or objectively proven professionals in the security, risk and even the management industry, let alone profession/s.
Tony Ridley, MSc CSyP MSyl M.ISRM
Security, Risk & Management Sciences
Reference: