This post is three years old, but I’d like to pose the question to the Lobster’s community to see if the general engineering opinion has changed.

I’m interested in becoming a security resource for my team, and my employer is interested in paying for it. I’m not interested in getting a Masters in cyber security, but I’d like to have more authority behind my voice than “I read a few security books.” Certificates seem like a natural solution to this problem, but I see the following issues:

1. Certificates are mostly focused on IT operations, not software development.
2. The few certificates focused on software development (like the CSSLP) are young, not well refined, and not well accepted.
3. Some companies (Fog Creek) actively discriminate against software engineering candidates with any certificate, given the prevalence of useless certificates in the industry.

So Crustaceans, what do you think about security certificates for software engineering? Worth it if company pays for it? Just learn the material and declare myself a security engineer without getting the cert? Go get a masters if I really want to call myself a security engineer?