Most in-demand certifications

Viewing 21 reply threads
  • Author
    Posts
    • #5386
      yatz
      Participant

      http://certmag.com/read.php?in=3950

      Here are the four most in-demand certifications, according to Robert Half Technology’s staffing and recruiting professionals across the United States

      …CISSP…
      …MCSE…
      …PMP…
      …CCNA…

      Looks like a good list to me.

    • #34021
      caissyd
      Participant

      Great, my PMP is good!  ;D

      I will go after CISSP in 2011…

    • #34022
      Determ
      Participant

      What do you think about ISO/IEC 27001:2005 ? After passing final exams, participants receive accredited certification with title “Information Security Manager” and “Information Security Auditor”.

    • #34023
      yatz
      Participant

      @Determ wrote:

      What do you think about ISO/IEC 27001:2005 ? After passing final exams, participants receive accredited certification with title “Information Security Manager” and “Information Security Auditor”.

      It looks good on paper, but I’m unfamiliar with what is actually tested and what it takes to pass so I can’t say one way or the other.  Have you passed this (or has anyone here taken this)?  What is it like?

    • #34024
      hayabusa
      Participant

      Yeah, while it’s not, IMHO, as valuable to me, ‘technically’, ‘politically’ I plan on pursuing CISSP in the near future, myself.

      The one on that list that I find interesting, is CCNA.  While I see a number of posts for it on job boards like Monster, etc, even more often I’m seeing CCNP-styled job postings, where they want more than the average CCNA is going to have.

    • #34025
      Ketchup
      Participant

      I have to admit that both CISSP and MCSE have opened doors for me.  They don’t really prove that I know anything, but recruiters love popular certs.

    • #34026
      Anonymous
      Participant

      Even though I am a CCNP, I see CCNA more valuable in the manner of knowledge and expertise necessity. CCNP is definitely a targetted cert towards Network Engineering, just like CCSP is for Cisco Security etc. On the other hand, CCNA is a must-have-this-knowledge cert as it provides necessary know-how to everybody regardless of getting a job on Network Engineering.

      If I were a recruiter I would value CCNA for every IT/Telecom professional. I would value CCNP only for routing-switching roles.

      So CCNA to me is sth like a prerequisite cert in the sense of providing very fundamental and important knowledge (TCP/IP).

    • #34027
      dynamik
      Participant

      @Hordakk wrote:

      Even though I am a CCNP, I see CCNA more valuable in the manner of knowledge and expertise necessity. CCNP is definitely a targetted cert towards Network Engineering, just like CCSP is for Cisco Security etc. On the other hand, CCNA is a must-have-this-knowledge cert as it provides necessary know-how to everybody regardless of getting a job on Network Engineering.

      If I were a recruiter I would value CCNA for every IT/Telecom professional. I would value CCNP only for routing-switching roles.

      So CCNA to me is sth like a prerequisite cert in the sense of providing very fundamental and important knowledge (TCP/IP).

      Right. Even if you’re an MS systems admin, having CCNA-level will help you out. We strictly provide security services, yet we require all analysts to have a CCNA. If you don’t already have it, that will be the first thing you’ll be required to work on.

    • #34028
      impelse
      Participant

      It is true, a lot of recruiter they see the ccna like a must have cert, and the job is only for windows server but they want to see the certification

    • #34029
      dynamik
      Participant

      I really wish MS would do a better job of promoting the MCITPs. I know people who are still starting out their MS studies with Server 2003 because the MCSE is so much more well-known than the MCITPs. I’ve even met other MCSEs that haven’t even heard about the MCITPs. How does that happen? ???

    • #34030
      Anquilas
      Participant

      At InfoSecurity a few months ago I had the chance to talk to a bunch of big-time IT security managers, and suprisingly they all agreed that OSCP is one of the cert’s they hold in highest regard.
      It’s not suprisingly in itself, since OSCP is obviously awesome (looking at all the reviews), but I was surprised to see that it already has great value in the manager/recruiting world.

      I actually noticed it again in a recent job interview, where they explicitly asked for it.

      In short: I’d add that to the list 🙂

    • #34031
      impelse
      Participant

      @Anquilas wrote:

      At InfoSecurity a few months ago I had the chance to talk to a bunch of big-time IT security managers, and suprisingly they all agreed that OSCP is one of the cert’s they hold in highest regard.

      I actually noticed it again in a recent job interview, where they explicitly asked for it.

      In short: I’d add that to the list 🙂

      I had the same preception, I planned eLearnsecurity > CEH > OSCP

      I already beging with eLearnsecurity

    • #34032
      sil
      Participant

      This has been my plan for the past 3-4 years when I pretend to myself I will stop slacking:

      CCIE(s) (of note… I’ve actually studied for +10 years now on this… Google sucks! http://www.mail-archive.com/cisco@groupstudy.com/msg04919.html)
      CISA + HISP (to annoy)
      CREA || GREM (find it fun/interesting)
      OPSA + OPST + ISRM (more geared towards reality for me)

      CCIE(s) I’ve been fiddling with for years now… Lab part scares me not the content. CISA + HISP is to annoy people. CREA + GREM because they look fun. OPSA + OPST + ISRM because they make more sense for me.

      The reality is though, I don’t know what else to do. Sometimes I get bored with security, even more bored with certs. The certs have become the challenge to me, not the technology. I’m still awaiting the results for the CISM which some come within the next 10 days. I wanted to beat the authors with a cluestick. I had to “dumb myself down” and answer to the business side of security as opposed to the technical/defense side of things. So I’m having to try to figure out what it is INSERT_SPECIFIC_BODY_HERE wants.

      Who knows what route I’ll take but I will figure it out shortly. I thought about going the Juniper route since I’m immersed in SA’s and SSG’s daily, but that too annoys me. 2 months ago I had to configure and deploy 10 SSG’s (small number) with pre-defined tunneling information provided by the client. Had them all down with t’s crossed, I’s dotted only to have the client fudge the whole game up. I literally had to re-do them remotely on site which left me annoyed with SSG’s because of my client. I may do the JNCIS-SEC who knows but I’ve had it up to ^here^ with vendor-specific certs. I’m keeping an eye on the ISRM though (http://www.securityhorizon.com/aboutISRM.php) and for those unaware of it, its what the NSA-IAM/IEM used to be.

    • #34033
      Don Donzal
      Keymaster

      Guess the Free Monthly Giveaway this month of Cisco Training by CareerAcademy.com is appropriate. 😉

      Don

    • #34034
      hayabusa
      Participant

      I’d have to agree, don!

    • #34035
      caissyd
      Participant

      In Canada, the Communications Security Establishment (CSE) is more or less the equivalent of the NSA in the United-States. They are responsible for evaluating security professionals working for the canadian government. Here are the ONLY certs they value:

      CISSP from (ISC)2
      CISSP / ISSEP from (ISC)2
      CISSP / ISSAP from (ISC)2
      CISSP / ISSMP from (ISC)2
      CISM from ISACA
      CISA
      GIAC / Any Silver audit certification
      GIAC / Any Gold audit certification
      GIAC / Any Silver management certification
      GIAC / GSFP, GEIT Gold management certification

      We are always 5 years behind the american DoD…

    • #34036
      caissyd
      Participant

      BTW, Sil, why don’t you write a book?

      You are good at teaching others and this would be a great challenge!

    • #34037
      sil
      Participant

      I thought about it a few times. The fact is, I would likely have a few books to write. Some would make people do a Home Alone (http://images.eonline.com/eol_images/Articles/20071211/293.home.alone.121107.jpg). I thought about an “Art of Cyberwarfare” style book based on attacks with explanations of the attack vector and logic behind potential defenses. The problem with this style of writing would be that the moment that the book was quoted as being behind some scriptkiddiot’s attack, would be the moment the industry would poop on the book: “How could they publish such a book!”

      The reality is, in order to truly comprehend ANY defensive strategy, one MUST be familiar with the attack vector and the inherent and potential dangers behind it. For example, in 2005 Theo DeRaadt @ OpenBSD decided away with ICMP source quenches in the network stack to which I responded… “Nothing new move along” (http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-07/0101.html) I had written about this starting in 1999 and releasing a PoC in 2000 (http://www2.packetstormsecurity.org/cgi-bin/search/search.cgi?searchvalue=tidcmp&type=archives&%5Bsearch%5D.x=0&%5Bsearch%5D.y=0)

      People didn’t get it then. Same went for Bubonic and Daemonic. Back then Richard Bejtlich got it (http://seclists.org/incidents/2000/Aug/277) others didn’t. Right now I have a pretty nasty tool I won’t ever release because it literally allows me to turn your device into a firewall like it or not. Imagine that for a moment… I aim it at any networked device you have, that device stops sending and receiving period until I give you room to breathe. I went over the tool and what it does with NANOG, IETF, Cisco, Foundry, Sun and others. Its really nasty, the solution? Rewrite TCP which no one would do. (seriously) Ask yourself, if I can find this tinkering how long before someone has as much time and weird creativity or can fuzz that much.

      I did think about the book gig before, the problem: Content… I wouldn’t want to do anything anyone else has done. In order for a company to publish it, there has to be an audience. An audience filled with “Go to hell…”, “why the f,,, would someone write this book!…”, “there goes our networks…” wouldn’t make for much appeal

    • #34038
      yatz
      Participant

      Just found this article today, which pretty well sums up what I’ve been seeing in the industry over the past few years, and what has been said on this site a number of times.

      http://www.computerworld.com/s/article/9180194/Let_s_certify_business_savvy

      But no IT certification currently available can gauge whether a professional understands how IT supports and complements the overall business.

      And this part too:

      We need a new type of certification, one that measures a person’s understanding of how computing integrates into, and drives, today’s business. A certification that weighs understanding of business computing concepts, business processes, communications skills and technical acumen would better reflect the package of skills needed in today’s IT workforce.

      This is probably why PMP is on the above-mentioned list, but PMP really isn’t enough.

      Still, it always seems to be polarized.  At my company we have some very gifted help desk folks and a network admin who manages well and knows his stuff, but none of these guys have much business knowledge and readily pass those tasks to either myself or to one of our database admins.  Unfortunately, the DB guy is on the opposite end and knows the business really well and has electrical and computer experience (obviously since he’s a DBA), but if you try to talk to him about taking away admin rights of users or antivirus or patching and all he’ll say is it hinders the business and puts unnecessary blocks in the way.  Absolutely no idea about INTERNAL threats, much less exploited users (social engineering or otherwise).  Keep in mind this guy still writes all his apps in VB6 because it’s easier, but because of that we’ve had to deal with insecure and unsupported objects and protected environments, all of which “prevents us from doing business.”

      I’m caught in the middle, but sometimes its comfy since I can talk to everyone with some level of understanding.  Getting into the security side too requires knowledge on both sides of the table, which is probably why I’ve seen so much of this opinion on this site.

    • #34039
      impelse
      Participant

      Intesting article.

      Rember doesn’t matter were you are there will be always somebody that will say: does not important, etc, etc

    • #34040
      caissyd
      Participant

      It takes years of experience to become a good team lead or project manager. It also takes years of experience to become very good in a narrow field in IT. That’s why it is difficult to find both qualities in the same person.

      Certs test knowledge, not experience…

    • #34041
      sultanmg
      Participant

      That is absolutely true, especially in Canada. I do not know how the similarity comes to have taken place but the truth is the communication security establishment is very much similar or almost similar to the National Security agency of the United States of America. I guess there has been a medical report of someone trying to poison another official there. At least that is what I have heard from the hospital I have worked in USA

Viewing 21 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?