Thursday, March 13, 2008


The Economics of Industry Certifications

Several members of OWASP have been noodling the creation of another industry certification around web application security. Figured I would share some of our learnings...

Did you happen to know that in order to sponsor an exam through Prometric, Vue or other testing providers, the provider is guaranteed a minimum amount of revenue each and every year? As a sponsor of an exam, you have to figure out how to get at least 2,000 people every single year to take your exam, otherwise you lose money.

If certification is based on the need to drive lots of volume, especially in a declining industry, do you think that many sponsors will make testing more marketing-driven rather than maintain the integrity of the truly elite? Ever wonder why there are no exams that are on the higher end?

Did you know that the chargeback model for exams penalizes those not located in North America? Folks in India have to pay more for the same exams than we do in the United States. Did you know that folks in Japan pay more than the rest of the planet?

If folks in India, who make less money than Americans, also pay more money to become certified, then this is a testament to those who are confident enough in their own abilities, and they should command not only higher compensation but also the respect of others within our profession. Likewise, the risk of me failing an exam that costs $100 to take and not getting reimbursed by my employer is an order of magnitude less of a hit than an employee of Wipro, Cognizant or TCS in India taking an exam for $125 and flunking it.

If economic considerations drive what becomes a certification, then at some level one needs to do market research as to what others desire to become certified in. If you could have input into the creation of a certification exam focused on any aspect of IT security, what would you focus on?
