The Pursuit of Certifications

Over the years, I’ve pursued a number of certifications, some successfully and some not. They have all been beneficial to me in varying degrees depending on the current challenges I’m facing. For me, obtaining a certification was not just to add a few more letters behind my title but was an endpoint to a journey of professional development. Even if I didn’t reach the goal of obtaining the official certification, I learned very valuable information along the way that made me a better IT leader. In the following, I’ll talk a little about a few of the certifications I an successfully and unsuccessfully pursued.

CISSP – Certified Information Systems Security Professional – ISC2

This was one of the first certifications that I completed. It is often described as “an inch deep and a mile wide.” It is a great starting point for someone interested in information security. The knowledge base for the CISSP covers everything from types of encryption to physical security. 

I’ve found the CISSP to be very helpful. In K-12 we wear a large number of hats and support a variety of needs. The broad scope of the CISSP provides the foundation knowledge to help you with those various needs. I spent one year studying for the old, written version of the test which was 6 hours and 250 questions. They now have a shorter, computer adaptive test.

The CISSP is offered through ISC2. To qualify for the CISSP, you must have at least five years of cumulative, paid full-time work experience in two or more of the eight domains. To pass the test, you are given a maximum of three hours to complete the 100 to 150 items in the CISSP computer adaptive exam. After passing the test, you must get endorsed by a current CISSP. Feel free to reach out to me if you are in need of an endorsement. Similar to most of the certifications below, you must complete 120 CPEs over 3 years to remain in good standing. There is a fee for taking the test and an annual maintenance fee every year after passing the exam. 

There are a large number of resources available you can use to prepare for the CISSP. You will find plenty of books on Amazon. The actual ISC2 CBK for the CISSP is an extremely dry read and challenging to get through. SANS has some boot camps periodically in the region. MOREnet has also recently rolled out their “Professionally Evil CISSP Mentorship Program.”

CETL – Certified Educational Technology Leader – CoSN

The CETL is a certification that I have repeatedly started but not completed. In the very early CETL days, I participated in the CETL field test. I passed the Part 1 multiple choice section of the test but did not pass the Part 2 essay section of the test. For me, the CETL remains on my to-do list. 

The CETL is important because it represents that an individual has the knowledge and mastery to lead a K-12 EdTech environment. The CETL recognizes that most of us have come from either a technical or curricular background and the need to have a balanced understanding of both sides. 

The best part of studying for the CETL is that it directly applies to the day-to-day work we do. It will make you a better K-12 EdTech leader even if you don’t take, or in my case, pass the test. There are numerous resources available to study for the CETL. Missouri and METL also have a large number of mentors available to guide someone in the journey to the CETL. Below are some currently available resources:

• Framework of Essential Skills of the K-12 CTO
• CoSN Knowledge Center
• Online Courses
• CETL Certification Handbook

The METL board is working to put together a CETL Cohort. Please feel free to reach out to us if you are interested in pursuing the CETL.  

CEH – Certified Ethical Hacker – EC-Council 

CEH is by far the coolest sounding certification. This is probably why I have never completed the CEH. CEH is a more technical certification, covering areas outside my strengths. I’ve taken a CEH course and read a test prep book. I still haven’t reached a level of comfort with the content to give me the confidence to take the test. It is a more hands on certification covering the foundational knowledge required to be a white hat hacker. In my opinion, having experience with command line, basic programming, and networking are important when looking at the CEH. I’ve learned a lot of good information, techniques, and tools in my pursuit of the CEH.

The CEH is provided by the EC-Council. The test is 125 questions over 4 hours. Similar to the CISSP there are continuing education credits, 120 over 3 years. The test covers six tasks and seven knowledge domains.

Tasks: 

1. System Development & Management
2. System Analysis & Audits 
3. Security Testing/Vulnerabilities
4. Reporting
5. Mitigation
6. Ethics 

Knowledge:

1. Background
2. Analysis/Assessment
3. Security
4. Tools/Systems/Programs
5. Procedures/Methodology
6. Regulation/Policy
7. Ethics
   

If you want to see how you might do on the CEH, the EC-Council does have an online assessment. While I don’t know if I will ever complete the CEH, I would be ecstatic to have a staff member with the CEH knowledge and skills helping protect our environment. 

ITIL – IT Infrastructure Library – AXELOS

I am proud to say that I am a certified ITIL Expert v3. The first METL CTO Clinic I attended I met a couple of colleagues that were going to take an ITIL Foundation course. Not knowing anything about ITIL, I thought it would be a good chance to continue to collaborate with these individuals. At the end of that course, I not only understood ITIL but had a new way to look at our approach to IT. ITIL is a set of best practices built around IT Service Management (ITSM). It provides structure around the entire lifecycle of delivering a service to an end user. 

The current version of ITIL is ITIL 4. There are 4 progressive certifications for the current version: 

• Foundation
• ITIL 4 Managing Professional
• ITIL 4 Strategic Leader
• Master

I don’t recommend getting all the ITIL certifications, unless that is your professional goal. I do recommend that any person of leadership in your IT organization take an ITIL Foundation course and attempt to take the test. The Foundation course introduces you to the ITIL vocabulary and builds the basic understanding needed for an organization to start moving towards these best practices. All of my ITIL work was done through Centriq in a boot camp to certification test type structure. In case you are wondering, I did not pass ALL my ITIL certification tests the first time. 

CISM – Certified Information Security Manager – ISACA

A friend of mine, in commercial IT, recently asked me if I would be interested in studying for the CISM with him. I’m just starting to learn more about the CISM. It is a certification on my roadmap for the future. As information security becomes a larger issue for school districts, I feel the knowledge gained through the CISM will help me better support our community. 

Conclusion

Certifications do not mean an individual is good at their job or as a leader. At a minimum, it means the individual acquired a scope of information long enough to pass an evaluation of some sort. I like to use certifications as a way to push my own professional learning. I’m successful if at the end of the journey I’m better able to support my community, not if I have a few more letters behind my name.

Thank you,
Jason Rooks, CIO, CISSP, ITIL, MBA…