nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

The DoD and Certifications

bpenn

So, the DOD 8570.1 reg dictates the specfic certifications required to perform duties at each Management and Technical level. I have started to notice a trend in the government asking for more advanced certifications depending on your position but not compensating the individual for acquiring it.

For example, the government is requiring all ISSO/IAOs and Sys Admins in my company to either complete the CompTIA CASP or the CISSP. No if, ands, or buts about it. Already, only 4 out of the 16 employees have passed one (2 CISSP and 2 CASP) and 2 of those have already accepted new jobs thanks to the benefits that acquiring these certs can do for one's career working in the DOD. It seems like requiring employees to obtain certifications should be rewarded somehow or it will just be counter productive.

Anyone else experiencing this issue?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

jvrlopez

I have seen this happen as well. As a contractor, it is up to your company to ensure that you are paid in accordance with your skills, experience, education, and certifications. A few individuals I know make it known that they require compensation in line with the certifications mandated by the government for their position, be it if they hold them currently or are expected to obtain them within a certain amount of time.

Not sure how it works for GS civilians. I believe there is a way in which they can receive extra pay based upon skills. If you're active duty, you're out of luck and can only make what the pay chart dictates.

Some of this falls upon the government as well. Expecting every IAO or System admin to have a CISSP is a little overkill. It seems that they're using the higher end certifications that meet all IAT and IAM levels as a catch all to ensure the positions are able to perform all duties, even if the certification doesn't really align with that position in my opinion.

The number of CISSPs that I work along with is way too many.

Xavor

If they add the job requirement, and you do it, then at your annual review bring that up as a reason for promotion. You met the new requirements for continuing a contract. If they come up with "oh we paid for that class or training" it may be time to look for employment elsewhere.

We had it mentioned that sysadmins "may" have to do CISSP and/or CASP and we said to put it in writing. Nothing back on that for 5 months now.

kiki162

bpenn - that has been in place for more than 10 years+. Now that may vary depending on which agency and when they incorporated it. It really depends on the job requirements. If you have SA rights on the network the min. is IAT II, last time I checked.

I've worked in the government for a long time, and if you are on the GS/gov't side, some agencies will pay for it. If you are a contractor, most of the time you are out of luck and need to do it on your own.

Of course it's natural to want or think you'll get extra money out of the government. My advice, do your "due diligence" and do it on your own, then find another spot that will compensate you for your time. Really the only benefits of staying with the government is the pension, and if you like to be on "auto pilot" and stay in a somewhat comfy/semi-secure job. Get what you can out of your position, and move on. There are plenty of companies out there that will compensate you for your accomplishments, and even better when you get a company that requires and pays you to further your certs.

TechGuru80

Simply not how it works in most places. By getting a certification you are qualified for a job and that is the benefit. You have to invest in yourself regardless of your employer compensating you.

TheCudder

TechGuru80 wrote: »

Simply not how it works in most places. By getting a certification you are qualified for a job and that is the benefit. You have to invest in yourself regardless of your employer compensating you.

I think what the OP is getting at is his current role only required IAT-Level II (Security +) to be hired on. But x number of years later, they're being told to become IAT-Level III qualified (CISSP or CASP). So basically the IAT-Level II / Security + qualification puts you into one pay grade, but in DoD, having the IAT-Level III / CISSP, you're qualified for an entire new scale of pay ($10-$20k) extra for DoD jobs that ask for IAT-Level III on the original job posting.

My advice to OP, do like others have, move into a new position once you obtain the CISSP. There's no reason to stay in a role that only truly requires (and pays for) IAT-Level II when you're now qualified for IAT-Level 3 positions. As some one already mentioned, it's up to the company to pay your for your skills and qualfications, and every defense contracting company has their own policies on such.