A different kind of certification
Recently I passed the Microsoft exam SC-900, adding to my CV the title Microsoft Certified: Security, Compliance, and Identity Fundamentals. As always with these Fundamentals certifications, done right, they come with zero costs: learning material is free, a voucher for the exam is given to (virtual) training days participants. With the passed exam comes a nice badge.
Compared to my other Microsoft certifications, this one will not really add any tangible and immediate benefit to me. Security is important and knowing a little bit more about security with Azure is never a bad idea. Nevertheless, it was a more than an interesting experience I did just for fun. I came across the exam and its associated training material after I finished my last fundamentals exam AI-900. The learning and exam details caught my attention. Compared to AI-900 or AZ-900 what you need to learn is not so much the how and why, but more the what. To pass AI-900 you learn not only the basics of the Azure AI/ML products, but you also learn something about the algorithms (how), use cases and processes (why). You learn how image recognition works, how a chat bot is built, the possible scenarios when to use these. Same for AZ-900. You learn how to create an app, a VM, how to manage it, how the costs are calculated and controlled. This applies to both certifications: you learn – and practice this too – why to use the Azure services and how they work.
SC-900 is different. Obviously, you learn the how and why. Yet the focus in more on the “what”. What does Microsoft offer in the security space? You do not need to learn and practice how to configure AAD, setup a firewall rule or to encrypt files. The learning and exam are focused on the capabilities of different solutions offered by Microsoft. Take a look at the learning path:
The learning is about solutions and capabilities. You learn what Microsoft Purview, Sentinel, Defender, AAD offer. You go through the capabilities of each solution and its roadmap. Take the compliance part of the learning: in detail you learn about the capabilities the Purview solution offers: compliance, risk, information protection management. And it is really about the capabilities. While the training explains the insider risk capability of Purview and that it helps to deal with this by offering information barriers, how this is achieved is not explained. You won’t even see a screenshot or must log on to the solution. The learning is solely focused on the what: what capability is offered for a given topic.
This experience reminded me of something I want in the SAP space for a long time. Not only a certification similar to the Fundamentals certification offered by cloud providers. I want a certification focused more on the solution capability. A certification that proves that you know what the product / solution offers (capabilities), and not so much on how you implement it.
A capability and roadmap certification.
A certification that shows that you understand what problem a specific SAP solution solves, what it offers to solve these and what future enhancement it will offer. Let’s take SAP UX (or Fiori) as an example. The certification should prove that you know the design principles, the different flavors, products available (Personas, Fiori web/Android/iOS, MDK, SAPGui for HTML), tooling (UI5, VS Code, BAS), app types, on premise vs. cloud, standard apps, extensibility and FLP options and the roadmap. But not validating that you know how to write an UI5 app, how to install Fiori apps or how to configure end user access. The same for S/4HANA, ABAP platform, business capabilities, LoB, industry or process.
Finding the right fit of such a certification is not easy. What fits under SAP UX might still be easy to determine, but what about S/4HANA or Analytics? The risk is that the learning and exam focuses too much on high level content, making it either too easy to pass or not providing any tangible benefit. Is it enough to understand an industry solution for S/HANA Cloud, or should it be for S/4HANA in general? Are ERP processes part of this, or is it enough to include the S/4 architecture, options, RISE? What the certification should be is an easy enough to learn and pass exam. Understanding of the capabilities, use cases and future plans. As you can see from the scope, the target audience is neither the developer, end user nor a business professional that has to work with the SAP product all day. The target group is comprised of pre-sales, managers, architects or analysts. These people more than often enough significantly determine the strategy of an SAP customer, yet rarely need to prove that they know what they are doing. They might go to an SAP conference, attend a roadmap session and later on claim that they learnt enough and are upskilled. But whether they understood the presented content correctly cannot be checked objectively. While there is currently a vast amount of learning material from SAP available that could be used to validate knowledge, this is either too technical, too high level, outdated, not available in a curated format.
As roadmaps enhance and new feature are added, this certification needs a strict time window where it is valid. The earliest time to take the certification should be shortly after the big corporate events where roadmap or strategy / product updates are announced. At best the certification expires after one year or shortly after another big conference. This assures that people have to keep their knowledge constantly updated and aligned with latest announcements and possible changes in strategy. An experienced consultant should be able to pass with minimal effort. Having already some basic knowledge, 2 or 3 days of learning should be more than enough. Again, it is more about the what a product offers, not the how. The exam should be proctored, at least the first time. Renewals might be done based on trust. Time effort for the exam should be low: 30 to 45 minutes. Its an exam that tests that you have dealt with the topic.
At least for customers the benefit of such a certification is easy to grasp: consultants (internal/external) are forced to update their knowledge on a regular basis. If the certification is not renewed, it is clear that they did not update their knowledge to match the latest offered capabilities of the solution. This ensures that the client can assume that the consultant is not giving advice based on outdated information. The internal architect can also demonstrate that necessary knowledge is available and better evaluate the presented work. And if everyone is renewing the certification and stays up-to-date, the demand for meetings where internal and external consultants get on a call with SAP to discuss the basics would get down to an absolute minimum. Instead of asking SAP to explain the roadmap and capabilities of a solution, this information must be made available in an easy to consume and self-learning supporting way. It is also an effective way to ensure that a person that just decided to be an expert in an SAP topic at least knows the basics. And senior experts cannot ignore forever the need to keep their skills updated.
With the certification, SAP will be forced to make up to date learning material available. Assuring that a HANA consultant knows the difference between HANA, XSC, XSA, the license model when used with S/4, whether Web IDE Fullstack, local, HANA Studio Eclipse, VSCode is supported and recommendend. Or a consultant that knows what happened to Leonard, the IoT portfolio, if Co-Pilot is still alive and under what name, how it works, if you can speak to it in German, Spanish or French, etc. Wouldn’t it be nice to at least get access to that consultant?