Why aren't Real Security Doctor courses certified?

This is a fair question. I should take a moment to explain. This might be more a detailed and nuanced decision than it appears.

Let's start at the beginning.

For anyone creating and selling a course, there are four options - at least here in the UK.

1. Go the formal route. This involves paying to work with an Awarding Organisation (AO), regulated under OFQUAL. Examples are City & Guilds or Edexcel. You can design your course to go onto the QCF - Qualifications and Credit Framework. That makes it a 'proper course', like GCSEs, A-levels and degrees.

2. Go the formal route...halfway. Instead of the QCF, you can pay to have your course added to the CQF -Customised Qualification Framework.

3. Establish yourself as a certifying body under ISO17065, and then create your programme under ISO17024. This is how 99% of the industry operates today, and all the certs that you can think of work like this.

4. Don't bother. Nobody cares about certificates anyway. There are too many out there. What matters is the content.

Let's examine each of these 4 options. I worked for an AO, helping training firms design their qualifications for either QCF or CQF. I know how that works.

1. Option 1 is a non-starter. It's very expensive, and you lose complete control of your intellectual property. When a programme is entered onto the QCF, its structure, learning outcomes, assessment criteria, assessments and everything else become publicly available. Anyone can approach the AO and say they want to deliver it, then download the information necessary to do so. There is no control over whether the people teaching it are qualified or competent to do so.

2. Option 2 is just as unappealing. When you work with the AO towards a CQF certification, most AO's will demand ownership of the IP, despite that it's your work. All they did was argue the toss over the choice of a word in the assessment criteria. They'll then charge you a premium for each certificate you award. Bear in mind that this is little more than an attendance certificate because, despite the long arguments about learning time and credit value, nobody will recognise it. Most people will have never heard of your course, and no employer will be demanding it on your CV.

3. You could go the ISO route. This is hideously expensive and requires a large organisation to operate properly. You might not know this, but you should be able to get a CISM without having to be a member of ISACA or doing the course. There are strict stipulations in the ISO about this, but nobody seems to know or care. If you did an equivalent programme to the official CISM and passed the exam (or even self-studied) they cannot deny you the cert. (My own [U]ncertfied CISM + programme blends the CISM and CRISC together as it is basically one course anyway). You also don't need to be a member, despite that they will offer 'discounts' if you are. There is also the small matter of conflict of interest, where I cannot teach people and then deliver my own exams to them. I'd be marking my own homework, essentially, which creates an issue in the validity of the results.

   Factor in the idea that multiple-choice exams are the lowest level educational assessment in the UK. We're talking level 2 - the same level as a Security Guarding certification on the QCF. And that is the level of education we are promoting to security executives. They'll all call themselves 'professionals', but you won't find a fucking lawyer or doctor who got their position doing a couple of pub quizzes. These multiple-choice 'assessments' are not written by anyone who understands qualification design or assessment design, and are built to be scalable so they can keep the money machine rolling without much human intervention.

   I once looked at certifying my own programmes, and after long deliberation, I realised that I am not a big enough cunt.

4. The only rational option. If people ONLY want the cert, they clearly don't care about the knowledge or the value that comes from having it. These people are not viable clients and can be ignored.

After knowing how it works and seeing for years how it really works, I decided to do my own thing. I refuse to participate in broken, corrupt systems. People who want to learn, and who value what they will become from engaging with me...get what they came for. They'll destroy their competition at interviews because they'll represent very differently from some certificate-chaser who can only pass a multiple-guess exam.