Certifications in IT

I hold a lot of certifications. That’s a personal choice, not a creed. I like challenging myself against a test to prove I’ve learned something and lets me prove to myself that I’ve actually successfully learned something. The “certs or no certs?” debate is as eternal—and as spicy—as vi vs. Emacs (or “eMacs,” if you’re trolling your coworkers). Different corners of computing answer that question differently, for good reasons. A little history sets the stage:

  • CCIE’s origin (1993): Cisco launched the CCIE with a famously grueling, hands‑on lab. It quickly became the example of a vendor cert that feels like a license to practice, not just a multiple‑choice quiz.
  • MCSA’s era (retired 2020–2021): Microsoft’s MCSA/MCSE/MCSD defined the classic exam‑centric, product‑specific credentialing model before Microsoft pivoted to role‑based, cloud‑first certifications.
  • Software Engineering PE (ended 2019): In the U.S., the dedicated PE exam for software engineers was discontinued after the April 2019 sitting—closing a formal licensure lane some hoped would tie software to traditional engineering standards.

How different parts of computing view certifications—and why

  • Networking & security (enterprise / service provider): High blast radius and regulated environments make proven, hands‑on competence valuable. Hiring managers often treat a CCIE/JNCIE (or GIAC, CISSP/CISM) as reliable filters because they reduce risk.
  • Cloud, SRE, and DevOps: Tooling ships weekly; skills are verified by delivery outcomes. Vendor certs (Azure/AWS/GCP) help align to a platform, but portfolios, runbooks, and incident histories speak loudest.
  • Software engineering (product companies/startups): Code samples, architectures, and shipped features dominate the signal. Certs help less here, except when they map to security, compliance, or specialized stacks.
  • Data/analytics/AI: Because the work spans methods and platforms, industry credentials (CAP, CDMP, AIGP, IEEE PSEM/PSD, ASA) plus a cloud/data‑platform cert send a strong “method + tool” message.
  • Consulting/SIs & managed services: Vendor programs award points for vendor certs (your “ticket to play”), but industry credentials win the room in RFPs, audits, and governance‑heavy engagements.
  • Public sector & highly regulated industries: Documentation, continuing education, and codes of ethics matter. Industry credentials that mirror licensure patterns (e.g., 3‑year recert cycles) resonate.

Vendor certifications: the rule

Vendor certs prove you can operate a specific platform and are measured primarily by knowledge/scenario exams.

  • Microsoft (role‑based): Job‑role‑aligned (Azure, M365, Dynamics, Power Platform). Renewal is annual via a short online assessment—lightweight but keeps you current.
  • AWS: Certifications are valid for three years; you typically retest (or advance) to recertify—no CEU/CPE logbook.
  • Others (GCP, Salesforce, Snowflake, Palo Alto, etc.). Variations on the same theme: product‑specific exams with periodic renewal.

This is the rule: product proficiency, tested primarily by timed exams.

CCIE: the exception to that rule

Although CCIE is vendor‑specific, it’s earned like an expert license to practice:

  • Assessment: An eight‑hour, in‑person practical lab where you design, implement, and troubleshoot complex, dual‑stack networks—under pressure.
  • Maintenance: A three‑year cycle, with options to recertify via continuing education credits instead of re‑testing.

Other vendor “exceptions” (performance‑based)

These aren’t as ubiquitous as CCIE, but they send the same “I can actually do this” signal:

  • JNCIE (Juniper) — multi‑hour expert lab per track.
  • FCX (Fortinet, formerly NSE 8) — full‑day hands‑on exam across a Fortinet topology.
  • RHCSA/RHCE/RHCA (Red Hat) — performance‑based Linux/automation exams on live systems.
  • VCAP‑Deploy (VMware) — advanced lab exams (e.g., vSphere, NSX, Horizon).
  • GIAC CyberLive / Applied Knowledge — hands‑on security exams in live environments.

Industry certifications: what they are, what they measure, and why they matter

What they are. Industry certifications are vendor‑neutral credentials issued by professional societies or independent bodies. They validate methods, governance, ethics, and lifecycle practice that travel across tools.

How they differ from vendor certs.

  • They emphasize practice frameworks (e.g., DMBOK, SWEBOK, NIST/ISO concepts), problem framing, and organizational controls, rather than one product’s UI.
  • They commonly require continuing education and adherence to codes of ethics—a model that resembles professional licensure.

Why the 3‑year cadence keeps showing up. Many industry certifications use a three‑year recertification window, which mirrors how licensed professions (accounting, engineering) structure ongoing competence. It forces skills refresh, not just one‑and‑done testing.

Where they shine.

  • Consulting, leadership, and regulated contexts—where clients ask, “Do you follow a recognized discipline?”
  • Cross‑platform decision‑making—tool‑agnostic methods cut through vendor bias.
  • Program durability—CEU/PDUs keep teams aligned with evolving standards and laws.

Representative industry credentials

  • CDMP (DAMA International) — Focus: Data management aligned to DMBOK (governance, quality, MDM, architecture). Assessment: Knowledge exams by level. Renewal: 3 years via continuing professional development.
  • CAP / aCAP (INFORMS) — Focus: End‑to‑end analytics lifecycle (from business framing to deployment). Assessment: Knowledge exam (levels vary). Renewal: 3 years (e.g., ~30 PDUs).
  • AIGP (IAPP) — Focus: AI governance—risk, legal, and operational controls for trustworthy AI. Assessment:Knowledge exam. Renewal: 2 years (CPEs + membership).
  • PStat® / GStat® (ASA accreditation) — Focus: Professional statistical practice and ethics. Assessment:Portfolio/experience‑based with references. Renewal: PStat® 5 years with documented PD.
  • PSEM / PSD (IEEE Computer Society) — Focus: Software engineering practice grounded in SWEBOK (PSEM) and core development (PSD). Assessment: Proctored exams. Renewal: 3 years (e.g., ~30 PDUs).
  • CISSP ((ISC)²) — Focus: Broad security leadership (governance, risk, architecture, operations). Assessment:Proctored exam. Renewal: 3 years (120 CPEs).
  • CISM (ISACA) — Focus: Security management and governance. Assessment: Proctored exam. Renewal: 3 years(120 CPEs).
  • PMP (PMI) — Focus: Project delivery leadership and lifecycle. Assessment: Proctored exam. Renewal: 3 years(60 PDUs).

Industry certs certify how you think and lead, not just which buttons you click—and they keep you honest through continuing education.

Why this mix matters to consultants (and partner programs)

  • Vendor programs (Microsoft, AWS, Google Cloud, etc.) award tiers/designations based on certified individualsand customer success metrics. If you sell or implement a platform, those vendor certs are table stakes.
  • Industry credentials often win the room: they de‑risk proposals with auditors, satisfy governance checklists, and reassure execs you’ll run the program responsibly (e.g., CAP/CDMP for data, AIGP for AI risk, PSEM/PSD for software practice, ASA for statistical oversight).

A practical stacking strategy

  1. If you live on a platform: Earn the vendor credential your customers buy—and keep it current (annual online renewal or three‑year retest, depending on the vendor).
  2. If you own the discipline: Add a vendor‑neutral layer that matches your remit—CDMP (data governance), CAP(analytics leadership), AIGP (AI risk), PSEM/PSD (software practice), PStat®/GStat® (statistical rigor).
  3. If you’re an operator at heart: Consider a lab/performance‑based expert path (CCIE, JNCIE, FCX, RHCE, VCAP‑Deploy, GIAC CyberLive). These are harder to fake and map directly to day‑one impact.
  4. If you run a partner business: Staff to the letter of the vendor scorecard to secure your tier/designation—then put industry‑credentialed leaders in front of customers and auditors to win the room.

Quick comparison

TypePrimary signalTypical assessmentRenewal cadence
Vendor (typical)Product/platform proficiencyProctored knowledge/scenario examsAnnual or 3‑year(varies by vendor)
Vendor (hands‑on exceptions) e.g., CCIE, JNCIE, FCX, RHCE, VCAP‑Deploy, GIAC CyberLiveOperational masteryLabs / performance‑based(often in person)Usually 3‑year (often CE options)
Industry (vendor‑neutral) e.g., CDMP, CAP, AIGP, PSEM/PSD (IEEE), PStat®/GStat® (ASA), CISSP, CISM, PMPDiscipline, governance, ethicsacross platformsKnowledge exams and/or portfolio; codes of ethics2–5 years, commonly 3‑year with CEU/CPE/PDUs

Bottom line

  • Vendor certs prove you can execute on a named platform.
  • Industry credentials prove you understand the discipline and keep learning—often on three‑year cycles familiar from accounting and engineering licensure.
  • CCIE (and a few peers) proves you can do the work under pressure—which is why it remains the standout exception to the multiple‑choice rule.

Build a coherent story: one platform badge your clients recognize, one industry credential that anchors how you practice, and—if it fits your craft—one hands‑on expert cert that says, “I can run it when it’s real.”

Unknown's avatar

Author: Jason Miles

A solution-focused developer, engineer, and data specialist focusing on diverse industries. He has led data products and citizen data initiatives for almost twenty years and is an expert in enabling organizations to turn data into insight, and then into action. He holds MS in Analytics from Texas A&M, DAMA CDMP Master, and INFORMS CAP-Expert credentials.