SOC Reporting Careers | Unlocking the Power of Certifications
Robert Ramsay, CPA, CISA, CITP, HITRUST, CCSFP | Director & SOC Reporting Practice Leader
Regina Akrong, CISA, CISSP | Manager, SOC Reporting Practice
Robert Ramsay: Welcome and thanks for joining us. Today, I’m with Regina Akrong on our SOC team, and we’re talking about credentials: all those letters that sometimes show up after someone’s name showing that they’ve taken a test or jumped through some hoops or cleared some hurdles. They’re key to our industry because there are so many different frameworks and compliance requirements. And Regina has about as many of these as anyone I know. Regina, thanks for joining me.
Regina Akrong: Thank you. I’m glad to be here.
Robert Ramsay: Yeah, great that you could do this. As I said, you’ve gotten a lot of these through your career. How have they benefited you?
Regina Akrong: For one, getting a certification would help in terms of your knowledge. It shows a base requirement and maintaining that requires you to be interested in what’s going on. You have to do CPE that help you keep up with all the changing technology that’s happening.
And IT is really a fast industry where things are changing, often new things are being introduced, and therefore new frameworks, how to do things better. And so this is a way for you to demonstrate that you are an expert in the field and
additionally, it will help with companies trying to recruit you. It’s a way for you to show that you know what you’re doing. And then once you’re working in the consulting industry too, it’s a way for you to show that you are well-versed in the topic to be able to aid the client.
Robert Ramsay: I like how you mentioned the maintained education part of it. It’s not just taking a test, is it? You have to do something every year.
Regina Akrong: Yeah, you always have to attend training, webinars, and those usually provide insight into what’s new, what’s changing, new frameworks, new discussions out there, challenges going on in the industry, and you have to do this every year to keep your certification.
And based on the certification, each one has a different requirement. So for instance, if you are in the security world, you attend more security training, you’ll be interested in what’s going on in security in the cloud, for instance. And these are ways to keep yourself updated in the industry.
Robert Ramsay: They’re serious about it too, aren’t they? You’ve got to keep your paperwork and you have 40 hours a year and you have to submit that and they check up on you.
Regina Akrong: Oh, yeah. Oh, yeah. It’s 40 hours for most certifications and you have to do it within the deadline, which is mostly within the year. And then of course, you have to pay some money to keep up with your certification, but then most
companies would pay for it.
Robert Ramsay: That’s a good point. It shouldn’t be intimidating. It is an investment definitely of time, and sometimes for taking tests. Here at Barnes Dennig, we’re able to pay for that for all our employees because it’s so important to maintain all these certificates.
Regina Akrong: Right.
Robert Ramsay: I think the training’s fun too because there’s some networking component. You get together with people that do the same thing.
Regina Akrong: Definitely. And there’s exchange of ideas when you usually go for the conferences. I mean, you meet new people, people doing different stuff in the industry, it’s kind of eye-opening and it lets you know you’re not alone.
Robert Ramsay: I like that you pointed out, it’s especially important in technology because things change so fast. It does help us. It forces us and helps us to maintain an up-todate knowledge of what’s out there. We should maybe talk about the training we do in-house too. We often do our own training.
Regina Akrong: When I joined the team, I got the opportunity to do my own research and present on the topic of my liking, and it really enhanced my interest in trying to transfer knowledge to people, share my experiences, share my knowledge that
I’ve learned in my field so far. And it was something different and eye-opening and I really liked it.
Robert Ramsay: You were great, your inner teacher came out, but it is a neat way to learn because you’re forced to pick a topic that you care about, it might be something that our clients care about. And then rather than sit in a class and hear an
average amount of information, you hear exactly what pertains to what you need and what you care about.
Regina Akrong: Yeah, that was really good.
Robert Ramsay: It’s a fun way to do it. We get together once a year and take turns sharing what we’ve researched.
Regina Akrong: Yeah.
Robert Ramsay: It’s a good way to stay on top of things.
Regina Akrong: I am going to be applying for my Privacy credential and I have done work in HIPAA and it’s really a big topic now considering digitalization of healthcare. Everybody’s data is out there somewhere, so it’s a good way to ensure that the
businesses are keeping data secure.
Robert Ramsay: That’s great. We appreciate you doing that. Privacy laws keep changing. There’s national, international, state, there’s a lot to keep up with.
Regina, you’ve got so many credentials. What was it like when you were kind of considering your first one? Which ones are early on in your career? Things that people start with.
Regina Akrong: So when it comes to IT in general, there are so many areas and you have to kind of choose what your interest is to build onto it. So I started with IT auditing. So I started with CISA from ISACA and then my interest in security built up, and then I jumped into the CISSP. And as you know, with privacy, it’s out there.
Everybody’s talking about privacy and securing our data. So actually, looking at what your interest is, your path, the path you want to take, there are so many credentials out there that helps you build up your expertise.
Robert Ramsay: Yeah, thanks a lot. Some of these credentials have credentialing bodies and some of those are international, and that’s what ISACA is to CISA, the Certified Information Systems Auditor, and they conduct these exams and they track all
the CPE we take. And they host local chapters. So that’s another one of those networking training opportunities where we can do it locally. Sometimes it’s nationally, sometimes it’s internationally.
Well, thanks for joining us today in a discussion of credentials and what we use in our SOC world and how we maintain our training and why we enjoy doing it.