Is IT too Important to Be Trusted to IT Pros?
You didn’t always have to go to medical school and get a license from the state to practice medicine. The first licensing laws in the U.S. were passed in the 1800s but then repealed in most states, and many states had never passed licensure laws by 1850. Aspiring physicians could apprentice with practicing doctors until they were deemed ready (or deemed themselves ready) to hang out their shingles. Attorneys got their training in much the same way. Today, of course, practicing medicine or law without a license is a serious criminal offense, and obtaining a license requires not just passing exams to demonstrate knowledge of the subject matter but meeting stringent educational prerequisites before even being allowed to take the tests.
One could argue that the IT profession today is where the medical and legal professions were two centuries ago. There’s no formal training, testing or governmental approval required to become an IT practitioner. Some believe it’s time for that to change. They postulate that in a world where all networks are connected to one another through the global Internet, an incompetent network admin can be responsible for grave damage to companies, individuals and national infrastructures.
Does the current move toward the cloud provide an opportunity to rethink the qualifications for IT positions? What are the pros and cons of going to a “licensed professional” model?
Licensing isn’t reserved for just those “high end” professions mentioned above. From amusement ride inspectors to well diggers, plumbers to hairdressers, the state and/or professional organizations regulate occupations of all sorts at all levels of income. Some states license dog breeders, palm readers, boxers, egg handlers and other unlikely occupations. New York State licenses 126 occupations. The rationale is protection of the public and those individuals or companies who utilize the services, although of course there is almost always a monetary cost to the licensee, which may or may not cover or exceed the actual cost of administering the licensing program.
Licensees are usually required to complete a certain amount of continuing education in their fields in order to renew their licenses on a specified regular basis (which of course means additional on-going costs). A disadvantage (to the public) of licensing is that it can drive up the cost of the services performed by the licensed personnel, both by imposing costs on them that must be recouped and by creating an artificial shortage of qualified personnel. Of course, this is beneficial to those who are licensed professionals.
Some argue that licensing requirements stifle competition by imposing extra cost and sometimes irrelevant educational prerequisites on those who want to practice an occupation or profession, and that issuance is sometimes based on subjective criteria, which can allow those within the profession to exclude others they deem “undesirable” for reasons that have nothing to do with job abilities. In addition, licensing boards are usually made up of political appointees who may have their own agendas.
The closest thing to licensing that the IT industry has had, for a long time, is certification. There are hundreds of different IT certs available. Software vendors operate programs to train and test IT pros in the use of their products and issue certifications such as the MCSE (Microsoft), IBM DBA (IBM) or CCIE (Cisco) in recognition of demonstration of competency according to their standards. Vendor-independent organizations such as CompTIA and SANS also provide testing and certification in network administration and security that are not tied to particular product lines.
The big difference between licensing and certification is that the latter isn’t mandatory in order to get a job in the profession, although certified professionals may command higher pay and find it easier to get a job. Companies can set hiring policies that require certification, but they’re free to hire uncertified IT pros if they want. Generally, performing the duties of a licensed professional without a license can carry heavy penalties, such as fines or even imprisonment under the criminal laws, and/or civil lawsuits.
Those who favor the licensing model for IT pros point out that the complexity of computer networking approaches that of law and medicine, and that the ramifications of mistakes on the part of IT professionals can have similar negative impact. Those who are not in favor of licensing argue that the standards for legal and medical professionals, as well as those for most other licensed occupations, are much more established and grew out of centuries of evolution of those occupations.
Computer networking has only been around since the 1950s and widespread Internet connectivity for businesses and individuals didn’t come about until the 1990s, less than half a century ago. Thus those standards are much less absolute. Creating licensing exams that truly measure a candidate’s ability to do the job would be a challenge. Certification exams tend to be very specific, focusing on a particular vendor’s product(s) or on a specialty area (such as security) or be overly broad and high level to the point where the cert doesn’t guarantee any real in-depth knowledge of the subject matter. There is also the issue that some people who can do a job well don’t perform well on written exams, and hands-on exams (such as the CCIE) are very time-consuming and expensive to administer.
For the IT pros themselves, there would be both benefits and drawbacks to a licensing mandate. Those who made the cut might enjoy increased compensation and greater status – but entering the profession would be considerably more difficult. Am I in favor of licensing IT pros? No. Do I believe it’s inevitable, sooner or later? Probably.
Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!
About the Author: Debra Littlejohn Shinder
Debra Littlejohn Shinder has been working and writing in the field of IT security since 1998. She’s an author of and contributor to over 25 books on computer technology, including “Scene of the Cybercrime,” based on her previous experience as a police officer and police academy instructor. Deb is owner and CEO of TACteam and has contracted with Microsoft, Intel, HP, Prowess Consulting, Sunbelt Software, GFI Software, ConfigureSoft, 2X Software and other software and hardware companies. She currently writes articles and blogs for Windowsecurity.com, WindowsNetworking.com and ISAserver.org and has published more than 1500 articles for web sites and print magazines. Deb has been a Microsoft MVP in the area of enterprise security for the past ten years.
A license is nothing more than a revenue driver for the entity issuing the license. All doctors are licensed yet there are still physicians who do horrible jobs.
If I have a serious issue I want someone board certified.
I think the same applies to IT. A license really doesn’t mean good work or sound skills. It just means they registered with one entity or another. Certifications are a step up from that, but honestly, some of the brightest and most knowledgeable people in IT I have met hold no certifications. Those that do usually do so to warrant a bigger paycheck.
Will it happen? Maybe. Will it improve things? Doubtful.
You raise some excellent points and I think that the need for training and certification is sometimes necessary. But licensing brings up a number of questions that need to be answered before any such program is enacted. What specific skills need to be measured and are these skills just on a written test or will hands on testing be required? Will there be different levels of licensing, l.e., apprentice, journeyman, master? How much training and/or experience will be required to be licensed? For how many specialties will licensing be available (their are more specializations than many people think)? Further, would this stop all the “trunk slammers”, kids next door, nephew who is very knowledgeable, etc. From working on computers, printers, networks, etc. Under penalty of law? Just a few thoughts on this subject.
Greg, I agree that training is often necessary to obtain the level of skill needed to do the job. IT is becoming more and more complex – and licensing would be more complex than it might seem due to the very questions you raised.
Would licensing laws stop the “amateurs” from working on computers and networks? My opinion is no, unless the penalties were draconian and it was aggressively enforced. One need only look at the widespread disregard for the copyright laws (where fines ARE severe but enforcement very spotty) to know that.
David, an additional case against licensing is that it’s normally done by individual states. Networks span state (and national) borders and that could create complicated jurisdictional issues.
That’s been the case with state laws in several states that require computer forensics examiners to be licensed: http://www.mttlrblog.org/2009/02/20/legal-issues-arising-from-new-requirements-for-licensing-of-computer-forensics-in-michigan/
Badly written statutes (and far too many end up that way after going through the amendment processes) could technically make it illegal for you to manage your own home network without getting a license, the same way some overly broad forensics licensing laws can be interpreted to prevent you from working on your own computer, as mentioned in that article.