Infoworld tells employers to quit sniveling about their workers not having enough skills and train them.

Sounds good. It worked in the organization where I work.

The word came down late last year that we were deficient. We needed another CISSP, and we needed two more people with Security+. Rather than hire another CISSP, they gave me the option to study for it and get it by April. Additionally, two coworkers who didn’t have certifications were told to get Security+.

This sends two messages. One message is that if you don’t get certified, you’ll be replaced. But it also sends a positive message: The organization believes in you. After all, some organizations would prefer just to trade their workers in for new ones.

What happened? I scheduled my CISSP exam for late January and spent about eight weeks studying like my career depended on it, the logic being that I would know by mid-March, at the latest, if I needed to take it again. Then, if need be, I could take it in mid-March, hopefully pass, and know by the end of April. Fortunately, I ended up not needing to take it a second time.

My two new Security+-toting coworkers spent about six weeks studying like their careers depended on it, took the test this month, and passed.

We did it entirely through self-study and mentoring. We bought books, we watched video lectures on computer, and our certified coworkers mentored the candidates. When the candidates had questions, the certified spent time with them answering questions and giving advice.

In the process we gained the new skills we needed, and without losing existing experience and institutional memory. Everyone won.