We keep saying it, but it remains true: cybersecurity is not a static environment. Attack tactics and techniques, tools, frameworks, and ultimately compliance requirements are constantly evolving. The dark side always stays up to date. For engineering, IT, and security teams, that means they need to keep pace—or ideally stay one step ahead—continuously expand their knowledge, and replace outdated methods with expertise in cutting-edge technologies. That is why we introduced a USO requirement—one that all of our employees genuinely value.

Requirements are often quickly dismissed as a necessary evil. In our team, things are different. Everyone understands that untrained admins and engineers at security service providers represent a major security risk. A single misconfiguration or an overlooked update is enough to put our customers’ identity security at risk.

That is why one thing is clear to us at USO: qualifications cannot remain a “nice to have”—they need to be a must. That does not mean blindly working through a rigid mandatory program. Instead, our policy requires all technical colleagues to complete at least one vendor-neutral qualification every year. This allows us to maintain a broad understanding of current threat scenarios and best practices—across the entire team.

Last year and this year, the following certifications were on the agenda:

• (ISC)² – Certified Cloud Security Professional (CCSP)
• (ISC)² – Certified Information Systems Security Professional (CISSP)
• IDPro – Certified Identity Management Professional (CIDPro)

What sets our internal qualification requirement apart from the traditional vendor certifications we also complete? We are not just training specialists for one individual tool—which, yes, we are as well. We are building a much broader foundation, whether through IDPro content, ITIL processes, or certifications from (ISC)², ISACA, or SANS.

That gives us a major advantage: our expertise can be applied across different platforms and technologies. This independence gives our customers confidence that we understand the full context of Identity and Access Management—across security, processes, compliance, and risk management.

This proven approach also brings two welcome side benefits: one for USO as an employer, and one for our employees. Unlike the promises made in many organizations, annual qualifications at USO are never postponed. That strengthens our position as an attractive employer.

But above all, this creates real value for our admins and engineers. They stay up to date, work with genuinely cutting-edge technologies, and continue to grow professionally. First and foremost, this strengthens their personal employability.

Are we worried about losing our highly qualified colleagues? Not at all. That is the upside of valuing your employees, opening doors for them, and actively supporting their development: in most cases, you have already built a strong foundation. At that point, no one wants to leave.

If you would like to learn more about our company culture and the way we work, take a look at our blog post “That’s the Mountain We Want to Climb. Let’s Go!”

Our qualification requirement is not just lip service—it is something we put into practice every day. It helps us ensure quality and reliability for our customers while at the same time giving our employees real opportunities for growth. At USO, security, expertise, and appreciation go hand in hand.