Problem solve Get help with specific problems with your technologies, process and projects.

Developing a security vendor certification strategy

With so many security products and companies out there, it can be difficult to decide which vendor certifications are worth your company's time. Developing a security vendor certification strategy can help ease some of this difficulty and end up being a benefit to your business.

Security technologies are complicated and often require in-depth training and education to ensure engineers and technicians understand how to deploy and optimize them.

Most vendors offer training and certification programs for both technical and sales staff. The requirements of such security product certification programs may be as simple as an online class or as involved as a long-term training and education regimen.

While the benefits of security product and vendor certifications may seem obvious, obtaining certifications for specific products does carry some risks and drawbacks. Like any aspect of selling security products or services, it is vital to understand the certification landscape and create a cohesive certification strategy. In this tip, we'll examine some methods of developing such a security vendor certification strategy, and how solution provider organizations can make the most of vendor certifications.

Security certifications have value

Security certifications are investments. All investments have value, but the extent of that value fluctuates depending on many circumstances. Like any investment, a certification should provide a return that benefits business. A good security vendor certification program should deliver three types of returns:

  • Relationship capital: Having a certified staff demonstrates commitment to the vendor (and its products), which can be translated into relationship capital. Relationship capital should provide better standing with the manufacturer either in terms of additional margin or access to additional products.
  • Market capital: Vendors naturally want to work with solution providers that have certified engineers and salespeople. Therefore certifications should deliver additional market opportunities.
  • Knowledge capital: Certifications should inject knowledge and expertise into a business. This should make a VAR's business more adept at delivering relevant products and services, as well as leveraging that knowledge for profitability.


Another thing to consider is the cost of the certification. "Free" training is never really free. All certification programs will cost something, either in terms of direct expenses or downtime. Traveling to a training class or enrolling at a local testing facility will incur expenses, and ultimately will mean less time for billable work.

If certifications require a significant time investment, it's important to make sure that investment is worthwhile. A good rule of thumb is the "10X policy." For every one dollar invested in certification, VARs should get a minimum of $10 in return. So a class that costs $10,000 in downtime and $2000 in travel expenses should yield at least $120,000 in net income within a year and more in subsequent years.

Not every partner will provide that kind of return. This is where VARs must analyze the market and the partnership closely.

Know the market

It is easy to become lost in vendors' sales talk. Before investing in any certification, VARs should examine the market for the product and be on the lookout for these red flags:

  • Market saturation: How many other resellers does the partner have in your region and/or niche? It is more difficult to differentiate value in a saturated market. However, if there are few or no certified partners, then exclusivity may drive business to you.
  • Brand value: Some brands are simply more valuable than others. Nobody is going to argue that Cisco Systems Inc. and Microsoft are extremely powerful brands. Likewise, Cisco certifications carry greater weight because of the brand value. XYZ Corp. may have the most amazing technology ever made, but if its brand is unknown and its market share is small, then its certification will not have much value.
  • Go-to-market strategy: What is the marketing strategy of the partner? Does it align with your business model? If a partner has a strategy that is focused on direct sales or heavy use of direct marketing resellers (DMR), then the certification may be a waste of time.
  • Pricing model: What will the certification provide in terms of pricing? If having certified staff will deliver better margins, then clearly there is value in it. However, be wary of "dark margin" handed out to "special" partners regardless of their certification status. For example, a vendor may offer a large reseller, whom it wants to sign up, special SPIFFs (bonuses for making a sale), marketing money or resources, which allow them to underbid certified resellers. These little back-room deals will erode confidence and ensure channel conflict, ultimately diluting the value of the certification.


Get the requirements in writing

Every certification program is different, and some are complex. Solution providers should know what the vendor expects and what needs to be done to obtain certification.

Demand a clear understanding of the path to certification. Is there a series of classes, online training requirements or tests? Companies with mature channel programs have such information clearly defined, but immature companies may lack such clarity.

Be wary of any company that changes partner requirements frequently or arbitrarily. For example, after obtaining your certification, if a vendor inexplicitly raises the number of certified staff you need or increases the sales attainment goals, it almost always indicates channel immaturity.

Study the relationship

Certification is a commitment from the solution provider to the vendor, so the relationship needs to be carefully considered. There are some key questions to ask in this regard:

  • What is the financial situation of the vendor's company?
  • Are the channel and sales people trustworthy?
  • How is channel conflict handled?
  • What is the vendor going to bring to the relationship?
  • How mature is the partner program?
  • Is the partner trying to sell you?


The quality of a partner relationship and its potential should dictate your willingness to obtain certification. There is no point in wasting resources on certifications for partners with untrustworthy channel managers or flimsy channel programs. Both sides must benefit from a partnership. Study your interactions with the partner. Is it productive, pleasant and honest? Are expectations clear? Also trust your instincts and common sense. As the saying goes, if something seems too good to be true, it almost always is.

Prioritize and incentivize certifications

Once you have an idea of the market, your relationship with the vendor and the requirements of the certification program, the next step is to prioritize certification goals. Vendors who offer higher brand value, greater opportunity and greater potential for profit should always supersede those with lesser value or opportunity. Moreover, align certifications with your business, and focus on what makes money.

It's best to set yearly or quarterly certification goals, based on an objective analysis of your business, market position and relationship status with partners. For example, set a quarterly goal for engineers to obtain three vendor certifications that align with your business objectives. Since some technical staff and salespeople alike sometimes view certifications as annoyances, it's a good idea to offer a bonus or other incentive for meeting those certification goals.

More on security certifications
Security certifications can boost your solution provider business

CISSP Study Guide

While it's easy to demand people obtain certifications, incentive programs work better. Encouraging staff to pursue certifications on their own time raises the value of the certifications and generally will make staff more successful. (Technical gadgets like iPods, video game consoles or cool new cell phones are always good options to use as incentives with engineers.)

Another strategy is to make use of entry-level or intern staff to obtain certifications. This can be presented as a valuable part of their training, providing a mechanism for advancement, as well as benefitting the company as a whole.

Market and track certifications

It can be easy to lose track of which certifications your business has and who has them. Make the person responsible for partner relations be responsible for monitoring and tracking certifications and their expiration dates (if applicable) for certified staff. Keep copies of all certification materials on file.

Also, make sure the partner updates its website or marketing materials to include you as a certified partner.

Lastly, if the certification includes marketing benefits, like market development funds (MDF), determine how these benefits are distributed and how to use them. Marketing incentives can help you promote your business and develop new leads. Ask your channel manager who the key marketing people are and develop relationships with them as well. You may be able to leverage the marketing resources of your partner to develop special events, trade shows and other marketing campaigns.

Certifications are a fact of doing business as a solution provider, and they can't be avoided. If solution providers approach them with some strategy and a view of the larger place they occupy in business, they can ultimately be used to the solution provider's advantage.

About the author
Andrew Plato, CISSP, CISM and QSA, is president and principal consultant at Anitian Enterprise Security. Andrew has over 15 years of experience in information systems, networking and computer security. Prior to running Anitian, he was a database developer and technical writer for Microsoft. In 1997, he helped start up Network ICE Corp., which marketed the first protocol analysis-based intrusion prevention system.

Dig Deeper on Employee Training and Development for MSPs

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.