Teaching to the test? continued

This post is part 2 of “teaching to the test“. 

We just reviewed differing opinions on whether it’s okay to teach to the test, and I promised to tell what approach I was taking in ISU’s Industrial Cybersecurity Program.

In my program, I require a Professional Certification course. It’s really a professional preparation course, but the main thrust is obtaining the SSCP cert.


  • First, I want my program to tie to some external validation point.
  • Second, I want students to enter my program clearly expecting to take and pass the exam.
  • Third, no single existing certification will accurately reflect what my students know and can do as they bridge IT and OT.
  • Fourth, the class covers a breadth of cybersecurity content not covered in other classes – so it’s not just review.

I specifically chose to have a class that teaches to this exam because that way the “narrowing of scope” that concerns Ravitch and Schou (see previous post) are concerned is confined to a single space and time.

If content from that course spills into other courses, or vice versa, that’s a benefit rather than a drawback.

I chose the SSCP cert because it is an appropriate medium level certification. It has a reasonable price point for students, and is tied to a nonprofit membership association — the (ISC)2. Thus, the certification is tied to professionalism rather than merely a credential. Moreover, maintenance of the certification requires continuing professional education credits. It also requires adherence to a formalized statement of ethics. I encourage my students to participate in the ISC2 Idaho Chapter.

Students are required to take the exam, and it’s costs are included in the course fees.

I also use this course to ensure students transition to the workplace. They are sharpening the resumes, honing their social media profiles, and conducting mock interviews.

Posted in Uncategorized.

Leave a Reply

Your email address will not be published. Required fields are marked *