By John S. Monroe
GCN.com
Jan 06, 2010
Nothing irks a security professional more than the suggestion that the federal government could improve security by setting up a standard certification program for agency staff members.
This idea, which is gaining traction in Congress, might sound reasonable. But many security experts say it is a red herring. One such expert is Daniel Castro, a senior analyst at the Information Technology and Innovation Foundation, who wrote a column on the topic [1] for FCW.com.
"If certifications were effective, we would have solved the cybersecurity challenge many years ago," Castro wrote. "Certainly more workforce training, although not a panacea, can help teach workers how to respond to known cyberattacks. However, workforce training is not certification, and organizations, not Congress, are in the best position to determine the most appropriate and effective training for their workers."
His column triggered a flurry of reaction from readers, most of whom seconded his remarks by sharing observations and experiences of their own. Here is a sample of the responses, which have been edited for length, style or clarity.