The Internet community needs to have security skill certifications that are meaningful. Right now, there are a hodgepodge of organizations that offer certifications in a wide variety of areas. Last year there were at least 150 vendor-neutral information security certifications and 20 vendor-sponsored or vendor-specific security certifications.

The fact is, most of these certifications are for entry level skills or are product specific. Don’t get me wrong – we certainly need credentials that demonstrate that someone is competent for the same reason that we hire licensed plumbers or electricians.

What we’re missing is a uniform EXPERT level credential akin to the MD for physicians. And just like in medicine, there should be specialist security certifications to designate significant knowledge beyond the baseline MD-equivalent.

In the security industry right now, there is no way to tell if you’re getting a real expert or not.