This post is part 2 of “teaching to the test“.
We just reviewed differing opinions on whether it’s okay to teach to the test, and I promised to tell what approach I was taking in ISU’s Industrial Cybersecurity Program.
In my program, I require a Professional Certification course. It’s really a professional preparation course, but the main thrust is obtaining the SSCP cert.
- First, I want my program to tie to some external validation point.
- Second, I want students to enter my program clearly expecting to take and pass the exam.
- Third, no single existing certification will accurately reflect what my students know and can do as they bridge IT and OT.
- Fourth, the class covers a breadth of cybersecurity content not covered in other classes – so it’s not just review.
I specifically chose to have a class that teaches to this exam because that way the “narrowing of scope” that concerns Ravitch and Schou (see previous post) are concerned is confined to a single space and time.
If content from that course spills into other courses, or vice versa, that’s a benefit rather than a drawback.
I chose the SSCP cert because it is an appropriate medium level certification. It has a reasonable price point for students, and is tied to a nonprofit membership association — the (ISC)2. Thus, the certification is tied to professionalism rather than merely a credential. Moreover, maintenance of the certification requires continuing professional education credits. It also requires adherence to a formalized statement of ethics. I encourage my students to participate in the ISC2 Idaho Chapter.
Students are required to take the exam, and it’s costs are included in the course fees.
I also use this course to ensure students transition to the workplace. They are sharpening the resumes, honing their social media profiles, and conducting mock interviews.