I’ve been spending my time between Christmas and the New Year planning for the coming year. It’s been pretty interesting to see how far away I’ve drifted from my original MBA concentration in Finance and Marketing to my career taking root in IT. This can be mostly attributed to receiving my PMP (Project Management Professional) Certification while working at Grant Thornton in Washington, DC where almost all my projects were found all along the IT spectrum. I never put neither the MBA or the PMP designations after my name on my LinkedIn profile. Mainly, I don’t want to lead anyone to believe those few letters trailing my name define who I am. I’ll take my cue from Bill Gates. He doesn’t put anything after his name either.
There’s a fundamental paradigm shift over the past couple of years where companies are prioritizing skills over degrees. Companies are looking to attract and retain the best talent to help ensure that the right people are in the right roles, with the right skills, doing the best work. The idea behind prioritizing skills is to create a much more efficient, equitable workforce, which then creates better opportunities for all. Gone are the days of newly minted MBAs walking into cushy management positions without the requisite experience. Therefore, obtaining the relevant professional certification should be integrated into the natural progression of your career. It’s been ten years since i’ve achieved and maintained my PMP and in those ten years since I have been actively managing projects in the IT space across different domains. A certification capturing my expertise in any of these practiced areas is long overdue and a testament to possessing the skills to manage these projects in an IT environment.
Why did I get the PMP?
I pursued the PMP for two simple reasons: dirty filthy money and relative job security. In the world of consulting, certifications and advanced degrees ensure you get selected by clients to work on their projects. At the rates management consulting firms charge clients for professional services, the client wants to know they are getting the best talent and value for their money. The deal at Grant Thornton was that if I wanted to get my PMP, I would have to pony up the money for all the application fees and test prep. Once I successfully passed the exam, I could submit my expenses (~$3,000) for reimbursement, since I used the firm’s preferred training vendor to get me prepared to take the exam. As such, me and many of my colleagues at Grant Thornton were sequestered to the Hilton in Arlington, VA where I lived, breathed, and ate the Project Management Book of Knowledge (PMBOK) for three days straight. I learned that the project manager is “large and in charge” and also accountable and must act ethically at all stages of a project’s lifecycle. Once I got that in my head and learned about all the tools and terminology needed to successfully manage projects, I was prepared to take the exam.
I studied through the weekend before the scheduled exam on Tuesday and took Monday off before to let all this knowledge marinade before I went to the remote testing center to sit for the exam. I was so scared of failing because I ponied up ~$3,000 in application fees and exam prep and the credit card was coming due at the end of the month. Starting out in my career, I didn’t have that kind of money in my savings account as I was always two paychecks away from being homeless. If I didn’t pass this test, I would’ve had to re-take the exam prep. Good thing that was free, but I would have to wait a few months for the next scheduled training and pay to take another test. Grant Thornton only reimbursed one exam fee so I would be out $400. I sat for the test, went back and changed a few answers, answered a few that I skipped for the end, and hit the final submit button twice. They want to make sure I was really submitting the test for scoring. I did a double fist pump when the screen flashed PASS! How do you like those apples? They never give you a raw score, but I was at Target or Above Target on all the project management domain areas tested.
The first thing I did the next day was submit my expense report where it was approved and reimbursed in my subsequent paycheck. Credit card got paid and I walked a bit taller around the firm as newly minted PMP certified #157830, joining the elite group of PMP certified folk ready to tackle any project head on. To be serious, I was setting the clock for when I would received the $1,000 bonus for passing the PMP. To discourage people from taking this training benefit and running off to another firm for more money and a promotion, you were required to stay with the firm for a defined period of time or pay back the reimbursement. At the end of this probationary period, there would be a $1,000 bonus waiting on the other side of that rainbow. When I received that bonus, my life was on a better trajectory than the year before. I hopped on a plane to Kauai with my camping gear to escape winter and hiked the Kalalau Trail where I spent a week camping out in one of the most remote beaches on earth. It was paradise.
Why am I pursuing the CISM in 2023?
A decade has passed since I achieved the PMP certificate. In this past decade, I have been seeing a trend form and the gap widen on how organizations struggle with how the business translates its requirements to the language of IT and IT translates these business requirements back to creating products. The PMP’s job is to align all this stuff into one stream of consciousness to achieve mutually assured successful outcomes for both the business and IT. Over the past decade since I’ve received my PMP, I’v been gravitating more and more toward Information Security Management and I’ve developed an innate sense for IT projects that may need further oversight and review from leadership before committing to IT full stop. Engaging InfoSec during the early stages of the project ensures that we all have the requisite buy-in from everyone that has equity in the project to proceed confidently into project planning. On past engagements, I’ve seen many project managers engage InfoSec and Privacy for review too late in the project lifecycle. As a result, these InfoSec and Privacy team reviews have been scathing and have negatively impacted the scope, schedule, and budgets of these projects. I’ve seen extremely awesome products and ideas obliterated due to unacceptable security risks to IT systems and/or privacy concerns. The subsequent efforts to get these projects back on track either resulted in a completely different product being created or a greatly diminished product that drained the life out of IT teams and Product Managers.
After reviewing available certifications related to the field of Information Security, I landed on the Certified Information Security Manager (CISM) certification. There is a related certification to CISM called the Certified Information Systems Security Professional (CISSP) certificate, but I feel like the CISSP is geared more towards the technical side of information security; whereas, I’m looking to expand my role to ensure alignment between an organization’s information security program and its broader strategic goals.
Final Thoughts
Let’s be honest, all certifications are not created equal. In additional to being a PMP, I’ve also achieved the Certified Scrum Master (CSM) Certification as well as the CMMI Level 2 certification for Acquisition Professionals. These two certifications were gained over a weekend, and did not require the requisite years of experience coupled with the education and training tenets as the PMP or CISM. I see a lot of people putting the CSM in their LinkedIn profiles and email signatures and I just don’t see how these are on the same plateau as some of the other professional certifications. I have mine listed under certifications in my LinkedIn profile along with my Sightseeing Guide Licensee for New York City. I think these two certifications are good to have and to show how I’ve amassed additional skills and knowledge in these disciplines, but I don’t think organizations value them as much as a PMP, CISM, and MBA when evaluating candidates for many coveted, high paying senior level IT management positions. Once I achieve the CISM this year, my goal is to be a more prolific writer in the area of Information Security and try to get published. The addition of the CISM will also allow me to update my bio and tagline to communicate these additional skills to new and existing clients as Brave New Media LA expands its IT Service offerings into the area of information security management.
Leave a Reply