All entities, regardless if "for profit" or "non-profit" that perform a service, including free services, are subject to some regulatory environment. Most companies are unaware of this and struggle to find what is right for their situation while still focusing on profit. Other companies focus only on profit and end up finding themselves in a regulatory nightmare and possible legal or financial sanctions.
These legal or financial sanctions can devasatate companies that don't take this seriously and have, more than once, put a company out of business. Other companies are a little better off and only take a huge financial penalty in fines as well as lost customer business due lack of customer faith. It's unfortunate and quite a few companies are intentionally gambling on their future with this uncertain potential for sanctions.
Arrakis is routinely called in to support companies in deep need of expertise to reduce the potential of this risk however this is almost always after the fact and quite often when the client is on the brink of a possible investigation or audit. Additionally, Arrakis is called in because one of the companies clients has detected, or suspects, an environment that is not quite the same environment the company has advertised to the client. Ultimately, the client has to determine if the company is a safe best to do business with and Arrakis generally helps the company keep that client.
However, consider this, wouldn't it be more beneficial to the company if the company understood their regulatory environment better? Wouldn't it make better sense to have a consultant support your internal efforts where you are less reliant on the consultant as opposed to more as well as be better prepared to support that regulatory environment after the consultant departs the project?
Arrakis can help you become familiar with your regulatory environments and provide comprehensive training to enable your personnel in a manner where they are better armed to deal with regulations and auditors. Additionally, Arrakis can provide consultative advice on how to better align with those regulatory requirements and possible loopholes to reduce effort but remain complaint.
However, assuming you are an individual, why should you care about training and certification. The answer is simple and for a few reasons, certifications are universal in nature and generally skill based. For example training to learn ISO27001 will apply for any company, the same way, anywhere in the world. Companies need help from certified persons either as consultants or inhouse...but the training doesn't change. Learning how to use a Cisco router, and get your CCNA, will result in implementing the learned knowledge the same way regardless if the company is Fortune 10 or a small 2 person start up.
Of course some certifications are more skill based while taking the test also. For example, taking a Cisco CCNA test you will be expected to configure a virtual router from the command line versus a CISSP test where you will only regurgitate knowledge. Obviously any hands on test will require hands on practice before taking the actual test...reading alone won't cut it.
Additionally, several companies view certification as more important than having a college degree. If you are one of those guys that have trouble in a long term educational environment but do great in a short term hands on environment then shorter week long IT bootcamps could be your thing. Maybe you just do better reading at night and taking a very slow pace of things rather than a school environment or bootcamp...any of that can still lead to passing the proctored certification test. Maybe you are one of those persons that doesn't want to take on a huge amount of student debt but can afford a few thousand to get quick training and certified faster.
Not to mention that in an equally competitive world, if you are higher certified or more certified than other candidates seeking the same job then you have a higher chance of getting employed or securing that contract.
As of this writing there are 500K unfilled cybersecurity jobs in the USA, with 4M across the globe. For realtime stats you should check out the Cyberseek.org heatmap below.
Reviewing this heatmap can also provide for some educational intelligence in which certifications to seek. for example, there are more job openings (as of this writing) for CISM, CISA, and CISSP and an extremely low number of CIPP personnel. The certification that has the highest holder count but the lowest job count is CompTIA Security+. It is important to note that Security+ is required for US Government work in specific areas and the US Government generally also do not post jobs online when it revolves around enlisting in the military.
If you are interested in a possible career pathway, please check out this dynamic graph that can give you some ideas of what to expect.
All Arrakis personnel are not only trainers in an International setting but also practice what they preach when providing consultative services to regulated clients.
Specific regulatory environments Arrakis can train your personnel on are:
Other training areas that Arrakis can help you out with are:
Arrakis does also have PECB certified trainers on staff which allows Arrakis to provide accredited training that can lead to actual ISO certification. Additionally, the accredited training also provides for continuing education credit for other certifications such as ISACA or ISC2.
All training is performed in person and can either be in a remote location or at your facilities, at a reduced cost, based on your needs.