Close this search box.
Entry Level IT & Cybersecurity Certifications Are Broken

EP 140: Entry Level IT & Cybersecurity Certifications Are Broken

Our bi-weekly Inflection Point bulletin will help you keep up with the fast-paced evolution of cyber risk management.

Sign Up Now!

About this episode

September 12, 2023

Entry level IT and Cybersecurity certifications cost too much and produce too many “paper tigers”. How do we fix that? Let’s find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.


Episode Transcript

Speaker 1: Welcome to the Cyber Risk Management Podcast. Our mission is to help executives thrive as cyber risk managers. Your hosts are Kip Boyle, virtual chief information security officer at Cyber Risk Opportunities, and Jake Bernstein, partner at the law firm of K&L Gates. Visit them at and

Jake Bernstein: Kip, welcome back to the Cyber Risk Management Podcast.

Kip Boyle: Thank you.

Jake Bernstein: It's been the longest period without my co-host ever.

Kip Boyle: That's true

Jake Bernstein: Also the-

Kip Boyle: I feel like a guest now.

Jake Bernstein: Yeah, the first time. But yeah, here we are. So, now that you're back, what are we going to talk about in Episode 140 of the Cyber Risk Management Podcast?

Kip Boyle: Well, first, I want to thank you for deftly handling three episodes without my help, not that I had any doubt about it, but now I'm going to have to go back and listen to them. And I hope nobody got used to me being gone because I'm back, baby. What we're going to talk about today is there's a new IT and cybersecurity certification company. And, well, I'm going to talk about it, and I want to talk specifically about the problems that it's trying to solve in the market. And this company is called Akylade.

Jake Bernstein: Fascinating. Is that spelled the same way as accolade, as in to applaud someone or, you know, whatever, "He's getting accolades for..."

Kip Boyle: Yeah. Well, that's the idea, but no, it's not spelled like that because we could never get the domain name.

Jake Bernstein: Wait, wait, wait, wait. Hold on. You just said, "We could never get the domain name." So do we need to have a disclaimer here that this is a... Is this a house ad episode?

Kip Boyle: I think that's a reasonable interpretation of where we're going.

Jake Bernstein: All right, let's just... Now that we've gotten that out of the way. So how do you spell the domain that apparently we, not me, but you and someone else bought?

Kip Boyle: So it's spelled A-K-Y-L-A-D-E, but it is pronounced the same as accolade. And we chose that in part because it's applause, right? If you get a certification, I mean, that's an accomplishment. You deserve to be recognized for it. But it also turns out that it's an old English word, and it means to make somebody a knight by touching them on the shoulder with a sword. We see it in movies all the time.

Jake Bernstein: Okay, now you win. Now you win. Because I thought it was just a completely made-up word, but if it's actually an old English word that means knighting someone...

Kip Boyle: Yes.

Jake Bernstein: ... that's amazing.

Kip Boyle: Exactly, exactly what it is. And so-

Jake Bernstein: I'm actually kind of amazed that you got that domain now at this point.

Kip Boyle: You know, every now and then, you get lucky.

Jake Bernstein: Yep.

Kip Boyle: But this certification company is something that I started with the co-host of that other podcast that I do. And so he knows a lot about certifications. So his name's Jason Dion, and the other podcast is called Your Cyber Path. And what we do over there is we try to help people either break into cybersecurity because that's... They want to get in. Or if they're already working in cybersecurity, we help them accelerate their career.

And Jason's been training people on how to get Security+ and a whole bunch of other IT and cybersecurity certifications for a long time with Dion Training. But on the way, he figured out that there's some real problems with certifications. And so he and I talked it through, and we decided, "You know what? We're going to try to solve some of those problems with the new company."

Jake Bernstein: All right. Well, this is going to be interesting because I have thoughts, as you might have expected.

Kip Boyle: Oh yeah, you do. They're good.

Jake Bernstein: So, now, is this why you haven't been on the show for the past three episodes, or were you on a vacation? See, I thought you were in... I'm confused now. So tell us what's going on with that. I know you were in the Philippines because you've got the tan to prove it.

Kip Boyle: I was. I was in the Philippines for a month, and it wasn't because I was spending all my time starting Akylade. Actually, Jason and I have been working on an Akylade for many, many months now, since before the beginning of 2023, in fact. And by the time this episode drops, which should be about mid-September, if I'm reading the editorial calendar correctly, our first certification will have already been launched and available generally to anybody in the world who would like to take it.

Jake Bernstein: By the way, as an aside, I think you should realize that all future business partners of yours must be named Jason because that's the most successful. People are probably wondering why I'm saying that. Well, see, my legal name is also Jason, so it's funny. Okay, let's continue.

Kip Boyle: Yeah. And actually, the similarities are more striking than that, but-

Jake Bernstein: That might be true.

Kip Boyle: ... I'll leave that alone for now. And just everybody know that wasn't deliberate, but somehow the universe made it happen anyway. So how about if I tell you a little bit more about-

Jake Bernstein: Yeah, let's-

Kip Boyle: ... what we do?

Jake Bernstein: Yeah, I'm curious to hear about this.

Kip Boyle: Okay, so-

Jake Bernstein: Actually, and I'm going to ask the question.

Kip Boyle: All right.

Jake Bernstein: Because you wanted to answer it, but I'm going to ask, do we really need another IT and cybersecurity certification company, Kip? What are you doing, man? Tell us.

Kip Boyle: That's a totally reasonable question because there's a lot of them out there already. I'm not going to name names. Everybody knows who they are. There's a lot of them, but there's a couple of problems. And Jason first saw these, and then, as we talked them through, I recognized that he was correct. But he was a lot more closer to this than I was.

But here's why. There's really two reasons. The first is that the cost of a certification these days for most of the in-demand IT and cybersecurity subjects is just too expensive. You go back five to 10 years ago, and these things were relatively affordable. And now you have to spend hundreds of dollars just getting one. Sometimes you have to spend thousands of dollars just to get one if you include all the training and everything that you need to do to get it. And then, to make it worse, most people need two or three certifications early in their career, and it starts to get hella expensive. So that's a big reason.

Jake Bernstein: It does. And I'm curious, and obviously, we can talk about this, but I think one of the... Who is the target market for these certifications? Because I think there's a lot of different ways to look at things. And I think the kind of classic certification that I think about is CISSP through (ISC)², but that is not... You have to have five years or four years plus a college degree of experience before you can obtain it. So it's not an entry-level certification.

Kip Boyle: Correct.

Jake Bernstein: And that makes it a challenge. So when I think of certifications where you need two to three or more, I think of things like, and gosh, I'm not the one who can name these, but things like Network+, Security+, all kinds of... There's a lot... The ones that I think are the hardest for me to wrap my brain around in terms of utility, in a way, are the technology-specific ones, like the ones that are put out by certain companies.

And way, way back in the day, you had the MCSE, right, the Microsoft Certified Systems Engineer. And that one, it had to have been among the first of these types of things out there because I took a class in high school, before the turn of the millennium even, that was supposed to prepare me for that exam. And so that one... Apparently, I'm old, but that is... I remember that.

But that's just not enough. That's an old one. So why don't you go ahead and tell me... I'll cross examine you, Kip. Why do we need another IT and cybersecurity certification company? We've got (ISC)², we've got ISACA, we've got whoever does the network-

Kip Boyle: CompTIA.

Jake Bernstein: Yeah, CompTIA.

Kip Boyle: Yeah, there's a lot of them out there.

Jake Bernstein: There's a lot. I mean, Google has some, Microsoft has some.

Kip Boyle: Right, right. But see, there's different gradations of quality, all right?

Jake Bernstein: Yes.

Kip Boyle: That's something that I think people have to recognize. So when you talk about a so-called certification that is published by a vendor... Let's say Cyber Risk Opportunities decided, "We're going to grant certifications on NIST Cybersecurity Framework," and we just made up a test. And when people passed it and paid their fee, we gave them a little digital badge that they could put on their LinkedIn profile. There's not a lot of rigor there, right?

Jake Bernstein: Right.

Kip Boyle: Nobody knows if our test is statistically valid. Nobody knows where the questions really came from. I mean, maybe it was me sitting in my office just churning out a bunch of questions with no peer review or anything like that, no statistical soundness. So that's sort of like the bottom tier of certifications.

Now, on the other end, you get certifications where all of that is being done, and you get... For example, CompTIA, their examinations go through an extremely rigorous process of validation. And it can cost them a hundred thousand dollars to create a new certification because they're actually getting accredited, like a university program is accredited. So there's a whole accreditation process. So those are sort of the two extremes here.

So it's possible for a company like Microsoft to turn out certifications that are accredited, that have actually gone through a rigorous accreditation process, but maybe Microsoft doesn't need to do that because they're so dominant in their market share. And I don't know if their MCSE certifications have that level of rigor. But we wanted to. So in Akylade, we are actually going through that rigorous process, and our certifications are going to be accredited by an independent company that does accreditations. So that's something I think it's important to recognize about certifications is that if you want to get one that's really high quality, you're not going to get these lower-tier ones.

Jake Bernstein: Got it. And I think, too, that the other problem is... Certification, certificates, credentials, that can mean so many different things, right?

Kip Boyle: Sure.

Jake Bernstein: Some of the Google Cloud ones are... They're not trying to be some kind of highfalutin professional certification. They really are just about, "Do you know how to operate this technology?" And that's fine. That's totally fine. And those types of certifications... I mean, maybe they're even certificates. Is that...

Kip Boyle: Yeah, I think a certificate, like, "I completed this course."

Jake Bernstein: Yeah, there's a difference between a certificate and a certification.

Kip Boyle: There is.

Jake Bernstein: And it can be confusing to people in the marketplace.

Kip Boyle: It is. It was confusing to me.

Jake Bernstein: Yeah. And I think the other thing, too, is there's two groups that need to understand somebody's skills and how to get them, and that is the people who want the job and the people who are hiring for the job.

Kip Boyle: Exactly.

Jake Bernstein: So one of the things that I've heard you and Jason talk about and the entire concept behind your cyber path, which is the other podcast that I don't talk about, is that hiring managers like you and Jason, you need to understand people who have practical problem-solving skills.

Kip Boyle: Right.

Jake Bernstein: I'm thinking about what it's like to be a hiring manager, which I am at times and have been, but in law, it's pretty easy because you have to go to an accredited law school and to get a-

Kip Boyle: Pass the bar.

Jake Bernstein: ... juris doctorate degree, which is accredited, and to then pass the bar exam, which can be very difficult. And that's really all this is, right?

Kip Boyle: Yes.

Jake Bernstein: That's really all that we're looking for here. And I think that if there was a final form of a company like Akylade, it would be a conversion to the quasi-governmental body that is a bar association.

Kip Boyle: Yeah, yeah. That's interesting that you say that. I agree with you that to become a licensed attorney is an incredibly rigorous process. And as a hiring manager, you can trust that anybody who makes it through that is competent, right? They may need other trainings and other professional growth, but they have a base foundation of competency.

Now, the problem that we're having as hiring managers is, especially when you get to these entry-level certifications, unlike the CISSP, for the reasons that you talked about, there are so many paper tigers out there. And what we mean by that is these are knowledge-based certifications. So you can memorize a bunch of information and pass the test, you can immediately dump that out of your head, and you don't have to recall anything in order to pass the test. And there's no practical evaluation of what you know.

Jake Bernstein: So who or what is the paper tiger? At first, I assumed that you were saying that the certifications or the certificates are paper tigers, but actually, no, I think it's the people who are... A person can be a paper tiger.

Kip Boyle: That's right.

Jake Bernstein: Now I understand because this is a... We need the professionalization of cybersecurity.

Kip Boyle: Right.

Jake Bernstein: It's a major, major problem. And the stakes are high, right?

Kip Boyle: Yes.

Jake Bernstein: The consequences are substantial. And hiring managers need to be able to trust that somebody who puts a bunch of letters after their name actually knows and can do stuff. Otherwise... And what's the alternative, Kip, is that hiring managers are left to individually proctor exams for their applicants.

Kip Boyle: That's right. That's right.

Jake Bernstein: And that's not really tenable in the long run.

Kip Boyle: It's not scalable. It's hella expensive. It wastes candidates' time. It wastes my time. But that's really kind of the state of the art, is when I hire somebody, I have to know whether they are able to solve real problems on the job. And how do I do that? Well, I really don't look at entry-level certifications. I mean, if they have them, it's nice. It tells me something about their interest in doing this kind of work, but I can't be sure that they really have learned practical skills from the certification.
Because that stuff is so easy to game, Jake. You can go out and buy what are called exam dumps, which is just old questions from prior exams, and you can start memorizing questions. I mean, there's so many ways to game knowledge-based certifications. And I don't think it's the fault of the CompTIAs world. It's just sort of where it is right now.

And the fact that people are willing to become paper tigers because they're trying to get jobs. And I don't necessarily blame the fact that they want to work, but there's plenty of people out there that take the Security+ exam and actually learn from it. But I still have to vet that because there's a lot of people out there who just... As I said, paper tigers. They have the cert, but they didn't really learn much.

So that's a big problem. And that's another thing that Akylade is tackling. So we actually have two different types of certifications that we're going to be releasing to the open market. The first type is going to be a basic fundamentals level. And it's not going to be... I mean, it's still going to be a knowledge-based exam. And so if somebody wants to become a paper tiger with an Akylade fundamentals certification, that's probably going to happen.

But then we are going to have a practitioner-level certification in the same subject. And what that means is that you have to pass a skills-based exam. And in the case of this first area that we're launching, which is cyber resilience, that means that your test is going to consist of scenarios, and you're going to have to choose the best answer from among the answers provided. So you actually have to apply what you've learned to a real-world situation.

And guess where the real-world situations are coming from for this test? Well, Cyber Risk Opportunities has been applying the NIST Cybersecurity Framework to real organizations in the real world for six plus years. We have extensive files about the real-world application of cyber resilience principles, and that is a major source of the scenarios that are going to appear on the examination.

Jake Bernstein: Real-life, obviously anonymized, but-

Kip Boyle: Yes.

Jake Bernstein: ... nonetheless. And, of course, once you've got a real-life scenario, you can tweak it.

Kip Boyle: That's right. And you know all about these scenarios because some of these things that we've done, you've been a part of it.

Jake Bernstein: Yep.

Kip Boyle: I mean, you have deeply walked with us on so many of these projects that we've done.

Jake Bernstein: Well, and there's no substitute for experience.

Kip Boyle: Right.

Jake Bernstein: That's the reality. And every new lawyer comes out of law school with three years of highly focused legal education, but yet, in some ways, they know nothing. I knew nothing. I thought I knew a lot, but it turns out I knew nothing. And it's okay to be-

Kip Boyle: You had something to build from.

Jake Bernstein: You had something to... Yes, you do. And what's interesting is I was going to tell you, did you know that in most states, the bar exam is what they call a minimum competence requirement? So in Washington State, for example, typically, about 80% of first-time bar exam takers from an accredited law school will pass the exam. So it isn't meant to be a weed-you-out type of exam. Oh, and by the way, you only get three tries.

Kip Boyle: Oh.

Jake Bernstein: If you can't pass the Washington State Bar by the third time, you can't be a lawyer in Washington State-

Kip Boyle: Wow.

Jake Bernstein: ... because the bar exam here is about a minimum level of competence. It's not meant to do anything beyond that. It is to protect the public and ensure that every lawyer out there who hangs a shingle up has met what has been determined to be an acceptable minimum level of competence. And that's an interesting way of looking at things, right? And now keep in mind, too, that the legal profession has hundreds of years of tradition behind it that has made it so... Practicing law without a license is a crime. In Washington State, it's a misdemeanor. It can go up to a felony. There's fines. I happened to look up New York recently. You can go to jail for four years, up to four years, for practicing law without a license in New York State.

Kip Boyle: Geez.

Jake Bernstein: So, obviously, this has taken literally centuries of development-

Kip Boyle: To professionalize, yeah.

Jake Bernstein: ... and professionalize to make this happen. But if you think about it, the security industry is just at the very, very, very-

Kip Boyle: Oh, gosh.

Jake Bernstein: ... very beginning of this type of journey. And you think about the so-called learned professions, basically the ones that require graduate degrees, and they're all centuries old, right? Well, cybersecurity is an infant, if that.

Kip Boyle: It is.

Jake Bernstein: It might even just still be in utero for all we know. I mean, it's very, very, very young.

Kip Boyle: It's comparatively neonatal.

Jake Bernstein: It is. Oh, for sure. But I think that the recognition that cybersecurity is going to become or needs to become professionalized is widespread.

Kip Boyle: I think everybody does understand it. I often hear people compare it to a certified public accountant rather than an attorney.

Jake Bernstein: Yes. I mean, that really is what it is. And so to become a CPA, you don't have to go to graduate school necessarily. You can get an accounting degree straight out of undergrad, but those are just labels and specialization, right? At the end of the day, a CPA has to take an exam, swear an oath-

Kip Boyle: Get licensed.

Jake Bernstein: ... have someone to vouch for them. And to their credit, that's what (ISC)² has tried to emulate with the CISSP. You take an exam, you need to swear to an ethical code, and you need to have somebody vouch for you. And that's all... And as we already talked about, the CISSP doesn't work for entry level.

Kip Boyle: No.

Jake Bernstein: Just by definition, it doesn't.

Kip Boyle: No.

Jake Bernstein: So how does someone get started to be in this fashion? So you've got these fundamentals and practitioner level. And what order... I mean, clearly, fundamentals would come first.

Kip Boyle: Yes.

Jake Bernstein: But maybe tell me a bit more. Are you going to have textbooks? What kind of certification exam are you going to be using? You mentioned that they're validated or accredited. How does that all work, and what is your goal for Akylade?

Kip Boyle: Yeah, thank you. So let's see if I can give you some of this essential information here without diving too deeply on any one particular thing. So, first of all, we're partnering with a company called Certiverse.

Jake Bernstein: Yeah, I like that name.

Kip Boyle: Yeah, like Certificate Universe or Certification Universe, I guess. So Certiverse, they're innovative. What they say is, "You know, if you go through the traditional certification process, you can spend a hundred thousand dollars, and it'll take you months to validate that your exam is statistically reliable and so on and so forth."

Well, what they've done is they've innovated, and they can actually produce a comparable certification that's accredited in weeks instead of months based on a lot of innovation that they've applied to the process. So we've partnered with them. And they're so confident in their process, by the way, that instead of us paying them a hundred thousand dollars to do all of this, we do a revenue share with them.

Jake Bernstein: That's clever.

Kip Boyle: It's like the app store, right?

Jake Bernstein: Yeah, that's very clever.

Kip Boyle: We work with them. They get X percent, we get X percent. And so they're incentivized not to work with people who will not be successful because they have all this skin in the game. And they're also incentivized to make sure we are successful because the better we do, the better they do. So that's a huge boon for us is that we have a partner like that. So we're going to be accredited by Certiverse, and we're working... I could unpack that and tell you all the little details, and it makes my head spin. There's actually an ISO certification for organizations that issue professional certifications, and we're going to be pursuing that as well.

And let's see what else. We do have a textbook. And in the textbook, it lists all the exam objectives. And if you study the textbook along with the NIST Cybersecurity Framework publication, which is free, you have all of the basic essential information that you need in order to prepare yourself for both the fundamentals examination and the practitioner examination.

Now, one of the other hallmarks of a high-end certification is that you can get training to prepare yourself to take that examination from organizations other than the certification body. And so, we are going to have authorized training partners that can teach, prepare people to take our certification exams. And we're not a part of it. So, in other words, we say, "Here are the exam objectives. Here's the textbook. Authorized training provider, go ahead and create a training program."

So if somebody wants to get our certifications, and they want more than just a textbook and a NIST publication, they'll be able to do that. So that's some of the rigor around our certification and why we think it's great. And I should tell you that the cost for the exams is going to be in the $100 to $200 range rather than hundreds of dollars. And the textbook-

Jake Bernstein: Pushing-

Kip Boyle: ... just a few bucks.

Jake Bernstein: Oh, yeah, pushing a thousand in a lot of situations these days.

Kip Boyle: Yeah.

Jake Bernstein: I mean, they really are, one could say, getting out of hand-

Kip Boyle: Yeah. Well, we think it is.

Jake Bernstein: ... like the price of everything. Yeah. I mean, it just is.

Kip Boyle: It is, and it's exacerbating a problem that we all know we have, which is there aren't enough qualified cybersecurity people to go around. You can argue, is it really 3 million unfulfilled jobs, and we can quibble about the numbers and so on. We can also say that that's just a phantom and that the real problem is that companies aren't willing to hire people and train them. I think that's a factor as well.

But there's no doubt that the cost of obtaining essential certifications is a barrier to entry for new people, and we want to try to lower that barrier. And so this is a big contribution to the community. We're trying to solve a real pressing problem here.

Jake Bernstein: Yeah. So what kind of reaction are you getting from the community, speaking of the community?

Kip Boyle: Right. So if you are listening to this podcast and you're a subscriber to my Inflection Point, which is an email I send out every two weeks, you'll already have heard me talk in there about what we're doing. And many of the people who subscribe to my Inflection Point have hit reply and told me what they think of this.
So, for example, there was a cybersecurity hiring manager, and he said, "I want to get my team certified on the critical security controls. But the only training is by SANS," which SANS is an amazing training organization, but they charge $8,500 per person to go through their training.

Jake Bernstein: I was going to ask you, who do you think you're competing with? And right away, it's clear you're not necessarily competing with SANS because 8,500 per head, only the larger to largest enterprise-class companies can afford that. And we know because we've been doing it that it isn't just the largest enterprise-class companies that need cybersecurity workers.

Kip Boyle: That's correct. Yeah, absolutely. And a lot of people who are trying to get into cybersecurity are self-financing, right? They're paying for these certifications out of their own pocket, which I don't think is unreasonable per se, but at an $8,500 level, it's unlikely that individuals are going to be paying that money.

Jake Bernstein: Oh, no, I don't see anyone paying that. I mean, for one certification?

Kip Boyle: Right.

Jake Bernstein: No.

Kip Boyle: And you have to keep it current. So after two or three years, if you haven't done continuing education and you want to keep that certification... Which, by the way, comes from SANS, right? So it's a SANS certification, and SANS is the only authorized trading provider. We don't know anything about-

Jake Bernstein: And that is a common problem because... It's always economics, isn't it, Kip? Because for anyone who has any kind of credential, there's a legitimate need to stay current, right?

Kip Boyle: Yeah, especially in cyber.

Jake Bernstein: Doctors have continuing medical education. Lawyers have continuing legal education-

Kip Boyle: Yeah, CPAs.

Jake Bernstein: Yep. Obviously, there's all kinds of continuing professional education requirements. And it can get overwhelming. I mean, I now have to collect to collect credits to maintain my law license, to maintain my CISSP certification, and to maintain my International Association of Privacy Professional certifications. And it's a little... At some point, it does become ridiculous.

Kip Boyle: There's a burden there.

Jake Bernstein: There's a burden there. And then it gets even worse when a certifying organization decides that only it can provide CPEs for its certifications. That's a lock-in. That's the walled garden lock-in that people complain about all the time.

Kip Boyle: Yes. So yes, we have this problem in the market where you've got... The only way you can get a SANS certification, I'm just using them as an example, there's other examples, is you have to take their training. There's nobody else authorized to deliver their training. And I don't know, maybe SANS has a way where you can just take the certification without going through their training, but I have no idea if that's realistic or practical. So I don't know.

But my point is here is that here's a cybersecurity hiring manager telling me directly, "I'm getting creamed by $8,500 per head." And then he goes on to say, "And we wonder why it's hard to find qualified candidates." So he's putting his finger right on the issue, which is he wants people who understand and can apply the critical security controls, but due to the incredible expense of being trained to do it, there just aren't that many people available in the open market for him to hire.

Now, we're not doing critical security controls certification yet. We certainly could. And we have a roadmap, so we are looking for other opportunities to certify people to in-demand subjects. And I'll get to that in a second. So we also heard from an educator who teaches in the Asia-Pacific region, the Philippines, Thailand, Papua New Guinea, just all these places.

And he said, "This is great news and a step forward, especially for those professionals who need to raise money for most certification exams." So we're talking about certifications that are denominated in US dollars, but people in developing nations have to figure out how to raise what for them is a tremendous amount of money. If you think it's tough for an American worker to raise several hundred dollars or a thousand dollars or something like that to get a certification, well, what about people in developing nations? I mean, the barrier's even higher for them.

And so what we're planning to do, and we haven't gotten to this point yet, though, is to provide economic parity, so, in other words, to price our certifications so that they are reasonably affordable in countries around the world that a US dollar denominated certification is a real challenge.

Jake Bernstein: Yeah, for sure.

Kip Boyle: I want to share one more piece of feedback that we've gotten. This is from another hiring manager, and he asked a really great question, "How will the skills-based examinations be tested to make sure that candidates... That their knowledge is applicable and actionable?" And this really gets to the heart of it, doesn't it? Just to reiterate, our practitioner exam is really where that's going to happen. And it's based on scenarios where the candidate has to apply their knowledge to these real-world problems.

And one of the other ways we're going to make sure that our certifications can do this is we're forming an advisory committee of cybersecurity hiring managers. As far as we know, we don't think there's any other certification body out there that's doing this.

So I'm looking for 30 cybersecurity hiring managers who will join our advisory committee and have a voice in the creation of our certifications to make sure that we are conferring practitioner certifications on people who can actually solve real-world problems on the job to diminish the amount of paper tigers that are walking around out there and particularly ones with Akylade certifications.

So if you're listening to this podcast, and you think this is a good idea, and you'd like to be part of our advisory committee, shoot me a direct message on LinkedIn or just send me an email,, and I would love to speak with you about.

Jake Bernstein: All right. Well, shall we wrap up the episode?

Kip Boyle: Yeah, I think so. This is the end of our episode of the Cyber Risk Management Podcast, where we talked about a new IT and cybersecurity certification company, the problems that it's trying to solve in the open market. That company is called Akylade. I'm a co-founder. It's spelled A-K-Y-L-A-D-E. By the way, our next certification is probably going to be an IT risk management certification because that's another area where we already see there's a desperate need for people who know how to do that work. And on that note, we'll see you next time.

Jake Bernstein: See you next time.

Speaker 1: Thanks for joining us today on the Cyber Risk Management Podcast. If you need to overcome a cybersecurity hurdle that's keeping you from growing your business profitably, then please visit us at Thanks for tuning in. See you next time.

Headshot of Kip BoyleYOUR HOST:

Kip Boyle
Cyber Risk Opportunities

Kip Boyle is a 20-year information security expert and is the founder and CEO of Cyber Risk Opportunities. He is a former Chief Information Security Officer for both technology and financial services companies and was a cyber-security consultant at Stanford Research Institute (SRI).


Jake Bernstein
K&L Gates LLC

Jake Bernstein, an attorney and Certified Information Systems Security Professional (CISSP) who practices extensively in cybersecurity and privacy as both a counselor and litigator.