Blockchain: A Solution for Industry Credentialing?
Blockchain, the distributed ledger technology powering Bitcoin, is a simple and elegant solution for recording transactions that may well outlive the digital currency it was designed for. There are many people exploring a myriad of new applications for blockchain, and I am no exception. I have been thinking about ways to apply this within the information security industry and to Cloud Security Alliance projects. One area of interest is to use blockchain within IT audit and assurance to enable continuous monitoring. In this particle article, I want to discuss a different idea, to apply blockchain to create a way to manage and measure life experiences relevant to the development of information security professionals. Being able to prove one’s true skillsets in a standard and transparent way I believe can have enormous benefits to individuals and the industry as a whole. With Bitcoin, blockchain enables a digital currency. What is your professional experience, if not just another currency?
There are already projects underway to apply blockchain to academic credentialing, and I have talked to a few of them already. Blockcerts, from MIT Media Labs, is one example. I would imagine my concept, which I call OpenCPEs (short for Open Continuing Professional Education credits) would use a project already underway, although I haven’t found a project that fits hand in glove with what I have in mind. There may well be a lot of related work I am not aware of and groups that are much further along than my primordial thinking and I would love to hear about it.
Think about any popular information security certification, perhaps one that you hold. You know there are people who have done the bare minimum of work to qualify for that certification. Then there is the person with that same certification plus 30 years experience who has forgotten more than that newbie will ever know. Think about the information security professional who doesn’t want to sit through a boring webinar to maintain a credential, but that same person just discovered a major operating system vulnerability. Wouldn’t it be great to have the operating system vendor reward that person with life experience credits? OpenCPEs is an idea to differentiate between the widely varying competencies of the people in our industry.
What is OpenCPEs?
OpenCPEs is the concept for a blockchain-based framework for managing Continuing Professional Education (CPE) credits as a pseudo digital currency. OpenCPEs will allow individuals, professional accreditation bodies, conferences, and all other members of the information security community to submit, validate and consume CPE credits. The OpenCPEs framework will include a combination of technical specifications, submission guidelines and the proposed governance model.
How will OpenCPEs benefit the industry?
As a publicly available ledger of security industry educational activities, OpenCPEs will enable automation and interoperability between companies that create great educational opportunities and associations that provide leading industry credentialing. We can all work together to reward professionals seeking to participate in the industry and increase the provable expertise of the industry as a whole.
How will OpenCPEs benefit the professional accreditation bodies?
By simplifying CPE submission and opening up new ranges of activities to CPE recognition, we reduce the friction for professionals seeking to obtain and maintain a certification and increase their overall loyalty to associations providing desired professional certifications.
How will OpenCPEs benefit individuals?
OpenCPEs will provide an avenue for information security professionals to receive credit for many worthwhile activities they participate in and simplify self service submission of CPE credits. Information security professionals have an opportunity to differentiate themselves from the pack by accumulating high quality CPEs in the quantity they desire.
How will OpenCPEs benefit employers?
Employers will be able to distinguish between candidates who have maintained the minimum amount of activity to maintain their industry certification and those who truly excel and have accumulated a tremendous amount of educational experience.
How will OpenCPEs benefit other parts of the information security ecosystem?
Conference providers will increase attendance by guaranteeing a simplified and automated process to award CPEs to attendees. Professional associations, open source projects and many other groups will be able to increase participation by rewarding individuals with CPE credits. Think of this as an additional system of rewards that virtually any organization within the industry can leverage to incent and recognize stellar information security experts.
How will OpenCPEs work?
Much of this is up in the air until we get a few people together for the framework design. The information security community is growing rapidly, but still is led by a small number of associations, vendors and major conferences. We should be able to rapidly prototype a system with the involvement of a few major players. OpenCPEs will likely leverage the Open Badges standard for digital badges for displaying and proving learning achievements. OpenCPEs will leverage blockchain for recording CPEs that can be submitted by virtually anyone: individuals, professional accreditation bodies, employers, research institutions and many others. Professional accreditation bodies administering a specific credential will have their own rules as to the CPEs that will be accepted out of the blockchain and the notion of authoritative CPE providers will evolve over time and through the governance model. Not all CPEs will have the same level of trust, the blockchain will provide the necessary transparency to allow for market forces to recognize quality CPE providers. Some sample user interfaces should be created on popular platforms to catalyze development, I expect a wide variety of applications to automate and integrate these functionalities within the ecosystem.
I humbly submit this idea to the public. Pride of ownership is not nearly as important as seeing this concept, and our industry, flourish. Feel free to let me know your thoughts!