The International Association of Privacy Professionals (IAPP), SANS Institute, and other organizations are releasing new AI certifications or adding new AI modules to existing programs in the areas of governance and cybersecurity. These may help professionals find jobs, but because the field is relatively new, experts warn that certifications could quickly become outdated.
Data protection and privacy make up about a third of AI governance, J. Trevor Hughes, founder and CEO of IAPP, told CSO. The rest include algorithmic bias and fairness, intellectual property and copyright of both training data and AI output, content moderation issues, trust and safety issues, and a team that oversees all of these issues. Includes administrative aspects of organizing. “If we look at the wider world, we see that privacy professionals and cybersecurity professionals have incredibly transferable skills. If they can increase their training and awareness in AI governance, , we will be able to scale faster to meet the needs of hundreds of thousands of governance professionals over the next decade.”
AI Governance and Cybersecurity Certification Case Studies
As the adoption of generative AI moves forward at a breakneck pace, companies will increasingly seek out AI governance and cybersecurity experts. Also, the field is so new that very few people have actual experience working in it. As a result, training and certification programs will proliferate to fill the gap.
Forrester analyst Jess Byrne calls this the “certification industry complex.” “Everyone wants this,” she says. However, when you add in all the necessary training, certification can be expensive. Also, just because you have a certification doesn't mean you're competent in that field.
Dan Mellen, principal and cybersecurity CTO at EY, says now is the perfect time to start thinking about AI governance. He said, “Generative AI is becoming a reality and starting to move forward. The level of confidentiality requires some kind of baseline understanding, and the Generative AI Certification achieves that.”
David Foote, principal analyst at Foote Partners, said the firm tracks eight AI-specific certifications with enough data to be included in the IT Skills and Certification Salary Index. Additionally, other cybersecurity certifications he tracks also include AI-related content. But companies typically pay more for proven competency than for certifications, he says. “It doesn’t matter whether a candidate is certified or not, as long as they can demonstrate that they have mastered and can apply AI governance and cybersecurity skills. I believe in my ability to give.”
Other critics say the field is too new, best practices have not yet been defined, and laws and regulations are still evolving. Even if certifications cover useful content, they expire quickly.
New AI Governance and Cybersecurity certifications, on the other hand, cover the fundamentals needed to speed up, create a foundational layer on which to build later, and create a common language for practitioners to use, and typically Includes ongoing training requirements to: Help people stay up to date.
AI Governance Training and Certification
IAPP's first AI Governance Professional (AIGP) test was taken by 200 people in April, and future tests, like many others, will be administered virtually at test centers around the world.
The IAPP test costs $649 for members and $799 for non-members, has 100 questions and takes approximately 3 hours. Additionally, the training program costs upwards of $1,000 depending on whether it is in-person or online, and requires you to take eight different modules.
ISACA has an AI Fundamentals certificate that includes risk and ethics requirements. Tonex offers the Certified AI Security Practitioner certification course. GSDC offers the Generative AI Certification in Cybersecurity. This certification covers not only how generative AI can be used to benefit cybersecurity, but also ethical considerations and best practices for responsible use.
Here are all known AI governance trainings and certifications at the time of publication, listed alphabetically by organization.
Benefits of AI governance and cybersecurity certification
The ability to have a common language and a set of core guiding principles was why Wipro sent its entire AI task force to undergo IAPP's AIGP training, said Ivana, Wipro's Chief Privacy and AI Governance Officer. Bartoletti told CSO. “We have people with legal backgrounds, technical backgrounds and risk management backgrounds,” she says. “Whether you're a change manager, a programmer, or a lawyer, it's important to agree on the key points of terminology and governance.”
Bartoletti believes it's not too early, because “AI needs to be governed.” In fact, there are already several laws in place, including Europe's AI law and President Biden's executive order. But even if this is not the case, there are privacy laws, security controls, anti-discrimination laws, etc. that also apply to generative AI.
“Of course, governance is an evolving issue,” Bartoletti said. “But we can't just look at it in the context of legislation or wait for standards to be developed. Governance is really about, 'How do we, as an organization, manage the development and deployment of our systems? “about it. ”
The first step is adjustment. This ensures that everyone from HR to coding has the same core understanding of what the principles of AI governance are.
For Bartoletti, the privacy benefits of IAPP's AIGP certification made it a natural choice for the task force. “Privacy is my baby, so I may be biased, but I feel that privacy professionals are well equipped to deal with AI governance. We take a risk-based approach to technology. We have to manage it properly, but at the same time we have to keep the business running.”
Bartoletti himself has undergone training. According to her, the work took her two weeks and was done by a real human, and because Wipro is a global company, it was all done remotely. She says clients want their consultants to have formal certifications. It shows that the person has taken the time to study and is not just improvising. “The area of AI governance and risk is one where you don’t want to improvise.”
Certifications combined with a strong track record of practice provide a powerful competitive advantage. Bartoletti expects more certifications to be issued once formal standards are released, covering specific topics such as how to comply with EU AI law, NIST, and other rules and regulations. doing. “I think there will also be a lot of attention in specific areas, such as managing AI in healthcare and financial services.”
Certifications like AIGP are especially valuable for consultants, agrees Steve Ross, director of cybersecurity for the Americas at S-RM Intelligence and Risk Consulting. “Our customers are experiencing uncertainty,” Ross told CSO. “They want to increase their use of AI, but no one knows how to use it safely, reliably, and ethically. And they’re looking for people they can trust to do it.”
As a result, clients will be seeking certification over the next two to three years. “I don’t have any of these certifications, but I’m thinking about getting them,” Ross adds. He thinks things like AIGP qualifications are interesting. “I attend his IAPP events and appreciate the community's focus on not only data privacy but also the legal implications. That's the certification I'm aiming for first. is.”
Ross is also interested in the required SANS AI Security training because he likes “the quality of content that SANS provides.” And he says he will also consider qualifications when hiring. “I like people who have a well-rounded skill set. A background in AI is great, but so is an understanding of governance, risk, and compliance.”
However, not all companies consider certification itself to be the most important thing. “Our reputation tends to precede itself,” EY's Mellen told CSO. “I'm more interested in people with actual technical experience than letters after their name on their LinkedIn profile. I've worked in this field for 25 years and have met people with numerous career certifications. And while it's sometimes great to understand textbook answers, they don't always work in real life.
Cons of AI Governance Certification
For critics of new AI certifications, the field is too new. “Having governance in place is very important, but it's also where we need to evolve further,” says Priya Iragavarapu, vice president of data science and analytics at management consulting firm AArete.
On the other hand, enterprises have industry-specific risk management requirements such as data governance, technology governance, and financial services. There are also specific technical certifications for individual cloud platforms, machine learning, and data security. “For now, we're going to follow the technical specifications,” she says. “Technical capabilities will improve, but AI governance is not yet here.”
“I value data governance experience over AI governance certification,” says Nick Kramer, vice president of applied solutions at management consulting firm SSA & Company. “With these new skills, by the time you finish the course you will probably already be changed.”
Taylor Dolezal, CIO and ecosystem lead at the Cloud Native Computing Foundation, says he appreciates efforts to create AI governance standards, but says the field is too new and changing too quickly. “We're still trying to figure out how to configure everything together. Those standards aren't out yet.”
It is too early to say what path an organization should take to deliver its desired results.
Another problem is that certifications are typically valid for two to three years. IAPP's AIGP lasts for two days. “My concern is how long that certification is valid. The space is changing very quickly,” Dolezal says.
“One of the basic assumptions of any authentication is that it has to be a mature domain,” says Chirag Mehta, an analyst at Constellation Research. “You can't certify someone until you're sure of what it is. We're not there yet. In some ways, it's smoke and mirrors.” Technology is moving from day to day, not month to month or week to week. , AI certifications are less valuable. “Our guidance for CISOs is that if you want someone who has exposure to generative AI, a certification demonstrates the potential to learn new technologies and embrace what's to come,” Mehta said. Masu. “Take this as a positive signal, but don't take it as evidence that they know anything.”
The industry should not wait until standards stabilize
IAPP's Hughes acknowledges that AI governance is a changing goal, but says waiting for standards and best practices to materialize is a foolish argument. “There are huge risks with AI. We know there are huge risks. Should we stop building governance controls? Should we stop training our experts? We don't want to wait for it to arrive. We need to exert good governance and control over AI from the beginning, rather than at some point in the future when courts or other slow-moving public policy systems make decisions. There is also no need for legislation to be enacted to perform AI impact assessments; there is no need to tell a court that a particular outcome is discriminatory; it is good business and there is no need for trust and safety in these innovations. Building on that allows us to transition in a faster and more stable way, so we should consider that regardless of what the law says.”
Hughes said IAPP is working to develop safety standards that will allow for faster adoption of this technology and a faster transition in a safe manner. “When we deploy AI with better evaluation and control, technology can move more smoothly in society and accelerate faster toward a positive and beneficial future.”
This is a position that Christopher Puckett, Chief Digital Transformation Officer at Allstate, fully agrees with. “It's important to be aware of these warning signs and worry about them before something bad happens.”
Being thoughtful about responsible AI and paying attention to AI governance is important for businesses today. “Whether it's a certificate or something else, it's an absolute necessity for us,” Paquette said.
