There's been a great deal of recent discussion of two phenomena - convergence of information security with traditional security, and the closer alignment of all areas of IT with business behavior and objectives. Multiple cross-disciplinary certifications or degrees are a logical outcome of these patterns, and I expect will become more commonplace in future. I've held multiple certifications for years, adding to my knowledge and to my ability to guide my employer. The key is to select those areas of study that will best complement one another, rather than duplicate or being too much unrelated. As I tell my staff - know everything about something, and something about everything...

Dual Threats seems to be an appropriate pathway to senior management in terms of CISO, CSO, CTO, etc. Having an MBA/MPA/MPP along with an undergraduate degree in Business Administration, Information Systems, Computer Science, etc. has long-term effects from a structure, knowledge and discipline perspective. Additionally, industry certifications (e.g., CISM, CISSP, etc.) have value, as well. Nevertheless, its value seem to be have short-term benefits depending on the type of certificate (i.e., technology or industry-based).

When one considers having a “dual threat”, it really complements one work experience very nicely. Actually, it becomes a “hat trick”, to coin the hockey term for scoring three goals in a game. From the viewpoint of being a critical thinker, it especially utilizes this obtained skill and knowledge in determining risks and making appropriate decisions for your organization.