Does Chartered status matter?
09:00 Monday, 28 December 2020
UK Cyber Security Council
When my classmates and I chose our second year course units for our Computing Science degrees back in the late 1980s, the subject matter for each unit was not the only criterion. Our chosen degree was accredited by the British Computer Society, and if we chose from a particular set of course units we would be exempt from the BCS’s entry exam. We were of the view that the Chartered status of BCS membership would be a key differentiator when we went into the world of work.
The perceived value of membership was bolstered by it being far from trivial to obtain, even with an accredited degree. In my case the other activity required was a 90-minute interview with a senior IT manager at what was then the Norwich Union insurance company: at a fairly early stage in my professional career, this felt like quite a grilling.
And this is an important point. “Membership” in this context has little or no value if the entry requirement is nothing more than signing up and paying a subscription fee. BCS “membership” in the context described above was a non-trivial thing to obtain, and this is the key point: to stand a chance of being perceived as desirable, one must demonstrate one’s skills, professionalism, qualifications – one’s value. The obstacles one must scale may start small and grow based on skills, experience and recognition (for example one might begin as a student member or an associate member before progressing to full membership and potentially fellowship if the organisation has such a thing) – but even at the entry levels you will have to show some kind of qualification or meet some other criterion in order to become a member.
This having been clarified, then, does being part of a professional body really mean anything in 2020?
Well, many organisations think so. For example, the Institute of Information Security’s Royal Charter was granted by the Privy Council on 12 December 2018 – something it would not have pursued had it been considered to have minimal value. Becoming a member of the CIISec 20 or so years after obtaining my MBCS was no less arduous – a lengthy application form asking for masses of evidence of my experience in the security industry, followed by a mid-CoVID Zoom interview. The primary difference was the extra 20+ years’ experience – as a relative IT old-timer my knowledge, experience and confidence levels were much higher than as a spotty youth, and so I thoroughly enjoyed the interview this time around.
Do employers care, though? Well, it would seem that they do. Although a search of LinkedIn’s job section a moment ago (December 2020) found only five roles asking for specific chartered status (five for Member of the BCS, three for Member of the CIISec), almost 300 results mentioned Chartered bodies. Phrases included: “Already working towards or willing to develop relevant professional qualifications and memberships e.g. ... Institute of Information Security Professionals (IISP), British Computer Society (BCS)”; “Membership of a relevant professional institution (ICE, IET, IMechE, INCOSE, SaRS, IAM etc.)”; and “Chartership with relevant professional body (IET, IMechE etc)”.
As an employer, I look upon Chartered status for individuals in the same way as I look on ISO 9001 or 27001 certification for suppliers: a Chartered individual has convinced an independent judge that he or she is a worthy holder of that status. Chartered status isn’t the only thing I look for, of course – for instance I’d be unlikely to recommend someone for a senior security role if they didn’t hold CISSP, CISM or another relevant qualification – but the independent seal of approval from a Chartered body can be a big differentiator between candidates with similar qualifications, experience and backgrounds.