.

The Value of Certifications

<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Thu May 17, 2007 12:32 pm

The Value of Certifications

After reading a very spirited, informative discussion on this topic over at SecurityFocus I decided to throw my own hat into the ring. I want to expand on several relevant topics. 1 - Certifications are a joke - A certification alone, without experience is typically not worth that much in the real world. It proves that the candidate can pass a test, often with having the questions in advance( see Testking/ActualTests). All it really guarantees, is that the candidate has some basic knowledge of the subject. Even the certs with experience requirements are pitiful, due to the fact that they do not audit every candidate. And if they did, there's always a chance they lied, like most people do on their resume.  2 - Certifications are necessary - until the HR machine is overhauled, you cannot afford to not have certifications. Unless you have a good contact in the company, most non-certified individuals will be screened out by the non-technical HR employee, who basically knows keywords. I think also if your very specialized, like on a certain product or field, having one of the more advanced certs could be very rewarding financially. Also on the opposite spectrum, having certs in several different areas, like various OSes, networking, security, etc can show that your pretty versatile. 3 - Experience is still king - Despite the fact that you have a lot of "enhanced" resumes out there, experience is still the most important factor in deciding whether or not a candidate will be successfull. A good track record of completing projects, troubleshooting, implementing, etc along with personal references from those jobs are still the best indicator that I've seen. Granted you need to do a fair amount of vetting via the technical interview, I still think its what employers should put more emphasis on versus certifications. In conclusion, I would like to state that I don't think its possibile for anyone to argue that the current certification system we have is not broke on multiple levels. We have hiring managers without a clue. We have money grubbing, so called experts selling us mediocre certifications. In short, we all have to take responsibility for fixing it. Whether its done by educating people of the dangers of paper only certified employees or by designing a new system, something needs to be done.

http://www.digg.com/security/The_Value_of_Certifications
<<

LSOChris

Post Thu May 17, 2007 5:21 pm

Re: The Value of Certifications

i would be careful not to say that "ALL" certifications are a joke.  For example,  I would put "some" stock into an individual who had thier CCNP or CCIE there are other example like thier OSPT but far more examples where you are correct that they can memorize test questions and just go pass the test and get their cert and not really know anything.

you have to remember for some of those under your #1 that you do have some influence as well, for example ISC2 now requires you to have a CISSP in good standing sign off that you meet the experience when you pass the test. I for one would NOT sign off on anyone for a CISSP that doesnt meet the requirements both ethically and knowledge wise. 

The security community COULD self police itself on alot of the issues you brought up if people united to do it.  I read Don Parker's article, IMO it doesnt say anything new.  the answer to paper certs is are hands on tests for certification.

how you do that is another larger, more expensive, problem to work out...
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Fri May 18, 2007 6:59 am

Re: The Value of Certifications

I was refering to the postings on the Security Basics mailing list under "The Value of Certifications", not Parker's article. If you have time check them out, some interesting comments. Its toward the end of April I think.

I agree with what your saying for the most part however I see exceptions everyday. For instance I had a CCIE in one of my graduate classes that worked at Cisco and didn't understand PAT and NAT correctly. That is really scary. I could tell he was a sales person and not a technical guy. Likewise with the CCNP, I've worked with several that don't even work on routers. I infact know several people that clearly didn't have the CISSP requirement met, yet someone signed off on them. ISC2 only audits a tiny fraction of the applicants. I've seen all these, and IMHO its more of the norm then the exception. Just strictly opinion though. While I understand certifications have some value, there needs to be way less emphasis on them, because there not as credible as most people believe they are. And this is coming from someone with a lot of certs, not from a guy who refuses to get them.
<<

Kev

Post Sat May 19, 2007 10:14 am

Re: The Value of Certifications

  I think its important to first qualify where and when a cert is important.  If you are sending out your resume to a number of unknown companies in hopes of a job interview, a cert or certs will have value. On the other hand, if you are running your own business, they become less useful. Your reputation and history is way more important.

  If you are applying for a job and you have a strong inside connection, certs have less value.  I have seen time and time again, the person with the right contact getting the job while others with much better credentials getting passed over.  So are certs important? Yes and no, depending on your situation.  There are a number of pentesters out there that have a very good career with little or no certification.  I think certs are fine, but don’t get so caught up in them that all you do is chase them and never improve your real life skills. Its always sad to hear of someone reading a brain dump and then passes a cert like the CEH and then admits they have no real hacking skill.
<<

wget

Newbie
Newbie

Posts: 1

Joined: Mon Jun 04, 2007 6:25 am

Post Mon Jun 04, 2007 7:28 am

Re: The Value of Certifications

I will add my two cents here. I have had this conversation many times over the years.

I agree with experience and college education is king.
I think a Computer Science degree (or Engineering) will give the proper foundation and then experience really puts a person head and shoulders above the others.

I am scheduled to take the CISSP in a few weeks.  This is the first time I am actively going after a certification.  I am only doing it because the industry has recognized it and many positions require it.  I am pleased with the materials so far.  I do feel ISC2 is making a best effort to protect the value of the certification aside from "making" money on it.  It appears the CISSP exam (IMHO) to be structured in a way that insures the candidate has the ability to use theory and technical analysis.  Those types of exams are difficult to regurgitate from memory.

I am 12 years working in IT and I have debated for years whether to go "get" certifications.  An interesting point that helped sway me away, was from a friend who was a Director of Networking/Telecomm of a large university.  His response was that when he sees a resume with 15 certifications, he tosses it because he wonders how much time the candidate will be spending of his time and money to get the next certification, instead of adding value to his team and environment.

It's a valid thought and a different pespective for others to think about.

Overall, I think certifications can allow a hiring manager to gauge a candidates capabilities a little bit. It provides a front line screen.  Yet, it is still the repsonibility of that manager to hire someone qualified, and good interview questions can reveal a persons capabilities very quickly.  Experience ends up being king in my book.
<<

blackazarro

User avatar

Sr. Member
Sr. Member

Posts: 368

Joined: Sun Aug 13, 2006 5:31 pm

Post Mon Jun 04, 2007 9:15 am

Re: The Value of Certifications

Let me explain my situation and say why sometimes having a cert can be beneficial. I've been working as a Network Security Analyst for a small MSSP. I've been doing the same thing for over 2 years and started to get bored. I wanted to get into pentesting or vulnerability assessment which my company offers as one of their security services. But for some reason my boss did not feel confident that I could handle the job even though I demonstrated that I have enough knowledge and skills. Right after I received my first ethical hacking cert (OSCP), my boss started to pour small assignments on my lap. Weird huh, needed to be certified so my boss could be confident enough to hand me over some new stuff. But I guess I do understand him, I mean, I've only been working as an analyst for 2 years and he must still consider me as a newbie. The cert definitely provided my boss evidence that I poses the basis and certain level of competence of ethical hacking skills. Because of this and other certs that I hold, I was given the chance to expand my knowledge and experience within my company.
Security+, OSCP, CEH
<<

LSOChris

Post Mon Jun 04, 2007 2:42 pm

Re: The Value of Certifications

wget wrote:
I am 12 years working in IT and I have debated for years whether to go "get" certifications.  An interesting point that helped sway me away, was from a friend who was a Director of Networking/Telecomm of a large university.  His response was that when he sees a resume with 15 certifications, he tosses it because he wonders how much time the candidate will be spending of his time and money to get the next certification, instead of adding value to his team and environment.

It's a valid thought and a different pespective for others to think about.


everyone is entitled to his opinion, so here is mine, that guy is a jackass.  The "I have tons of experience I dont need certs" talk is almost as old as the "vaule of cetifications" talk.  I am guess this guy doesnt have certs, Sure he is much too busy for that kind of thing.

in my experience i have seen that the majority of people that pull the i dont need certs, certs are stupid talk, usually dont have any and usually have dated experience with that they do know (There are obviously exceptions).  I am not saying that certs=knowledge in the subject.


While you buddy may be throwing away a good chunk of paper certs into the trash, with that biased way of thinking i am sure he threw several qualified applicants in the trash as well.

on another but similar note, how do you demonstrate to a potential employer that you have drive and desire to keep your skills current if they cant look at a resume and see that you have a record of improving yourself versus spending all your time "dedicated to the team and work"?  That dedicated guy may not be the most current of most driven guy you can hire.

pros and cons....
<<

RJReed67

Newbie
Newbie

Posts: 2

Joined: Fri Apr 20, 2007 11:23 am

Post Tue Jun 05, 2007 11:38 am

Re: The Value of Certifications

wget wrote:I agree with experience and college education is king.
I think a Computer Science degree (or Engineering) will give the proper foundation and then experience really puts a person head and shoulders above the others.

Overall, I think certifications can allow a hiring manager to gauge a candidates capabilities a little bit. It provides a front line screen.  Yet, it is still the repsonibility of that manager to hire someone qualified, and good interview questions can reveal a persons capabilities very quickly.  Experience ends up being king in my book.


I agree with experience, but not with the college education part. Most college Computer Science degrees teach things that are at the fringe of being out of date.

Do not get me wrong. I am not againist a college degree at all, but it does not add any additional credability to an applicant in my opinion. I know that there are HR people out there that throw my resume out, because I do not not have a degree of any kind. But the years of experience that I have, along with my certifications, more than make up for the lack of a degree.
RHCE, GCUX, GCIH
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Thu Jun 07, 2007 10:02 am

Re: The Value of Certifications

I agree with you, a traditional degree doesn't add much value in IT work environment, unless its at very tech focused place. Still though, a degree is often listed as a requirement and therefore is vital to many people. Also, if you ever leave the IT world, a degree is more apt to help you then a bunch of technical certs.
<<

SecurityAware

Newbie
Newbie

Posts: 2

Joined: Sun Jun 03, 2007 7:39 pm

Post Sun Jun 17, 2007 4:05 pm

Re: The Value of Certifications

The right certifications are key - the more advanced certs will always win the day in specialized areas, such as information security.  The CISSP, CISA, and CISM come to mind.  Not everyone is ready for those senior level certifications and that's why certifications, such as the Security+ or the more intermediate level CEH are great for those in the beginning or middle of their careers.

Traditional education cannot be under-estimated either.  Learning business skills is criticial to get a techie out of the back office.  I've only worked in the Fortune 500 my entire career - all I've ever seen is people skills are the most important skills you have, followed closely by business skills, and then technical skills for IT workers.

Certifications and education hold great value and will get you the job.  Experience and a proven track record will get you the cash.  If you can manage to get at least 5 years of experience in IT, then I'd be willing to bet you can get a job just about anywhere, so long as you have the right certiciations and education.
Master's of Science in Information Security, CISSP, ITIL-Foundations

Working on:  CEH
<<

eRiCtHyReD

User avatar

Newbie
Newbie

Posts: 18

Joined: Tue Jan 16, 2007 11:02 am

Post Mon Jul 02, 2007 9:48 am

Re: The Value of Certifications

a traditional degree doesn't add much value in IT work environment, unless its at very tech focused place
  :-\

Well, just ask your HR how much more would you earn if you would have a Master Degree.

A lot of companies offer their packages depending on your studies and not necessarily on your certs or even experience. Studies prove that you should be able to overcome challenges and that you are able to commit for a long term.

The good thing about certs is that your CV might catch their attentions and maybe it is required if your company is placing you at their customers. And if you are a freelancer, it is a BIG plus to sell yourself $$$.

I agree though that experience is the most important.
CEH MCSE CCNA  Security+ Network+ A+
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Thu Jul 05, 2007 1:43 pm

Re: The Value of Certifications

eRiCtHyReD wrote:
a traditional degree doesn't add much value in IT work environment, unless its at very tech focused place
  :-\

Well, just ask your HR how much more would you earn if you would have a Master Degree.

A lot of companies offer their packages depending on your studies and not necessarily on your certs or even experience. Studies prove that you should be able to overcome challenges and that you are able to commit for a long term.


I wasn't refering to how much money you can make. I was referring to how much better you would be at your job. I've taken graduate courses and they have very little to do with practical stuff you would do on the job. Its mostly theoretical or extremely dated. Plus you have the market flooded with MBAs from no name colleges that offer graduate degrees to anyone with a checkbook. I also feel the same way about undergraduate classes. You can always make it more technical and relevant based on the projects you choose though, if your granted that leeway.

I've gotten to the point where the only way I learn anything worthwhile is reading on my own and doing "for fun" projects at work.

Also most companies don't just give you a raise when you get a degree. You either have to campaign for it, or leave to get any kind of reward. From  their point of view, they already have you. Its sad that most companies don't care about retaining good employees. Kind of the same philosophy as customers. They just want new ones, fuck the existing ones. Which is retarded considering the cost to add new customers.
<<

oneeyedcarmen

User avatar

Full Member
Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Fri Jul 06, 2007 7:22 am

Re: The Value of Certifications

oleDB wrote:Also most companies don't just give you a raise when you get a degree. You either have to campaign for it, or leave to get any kind of reward. From  their point of view, they already have you. Its sad that most companies don't care about retaining good employees. Kind of the same philosophy as customers. They just want new ones, fuck the existing ones. Which is retarded considering the cost to add new customers.


To quote Joe McCray, quoting Zig Ziglar ;):

"The only thing worse than training good employees and losing them
is NOT training your employees and keeping them."
Reluctant CISSP, Certified ASS
<<

archtctfr

Newbie
Newbie

Posts: 15

Joined: Wed Mar 21, 2007 1:03 am

Post Fri Jul 06, 2007 8:55 am

Re: The Value of Certifications

Some how I could not just say something. The value of certs? Hmmm Lets see I went into my first data center in 1969. Yes this new thing called IP was not there. I remember the Main Frame was dead and open systems was the only place. I do think it is important to stay current with the direction of the technology. I did my ccna and half of my ccnp before I ever logged into a router. Now I do not list or even attempt to keep them current. It gets expensive unless you have a company paying for the recerts. Today I focus more on the Info Sec certs. I aggree that experience is better teacher than just pure theory. I have seen bright young people with their string of letters. Get stumped when thing as planned. Project wise or troubleshooting wise. Something changes after you have worked on many many problems and projects. College grads do not have it. Even ISC2 has changed the requirement to say that your degree will not get you the CISSP. I guess it depends on where you want to got. Into management where for some reasons all managers think techs want to go, or senior technical. Mangement CISM or PPM or the like. Technical CEH, LPT or the like seem more valued. In any case the need to stay current (are CEU's the answer). No I think it is a desire to learn and keep working on the things that are pertient to your job. Those two lines do not mix. My CISSP was a lot of work. My LPT was also. Which I like best would be the LPT train. That will change as this new IP thing appears to  be catching on it my just last. Even if V6 is the real answer. Just a thought. ;)
archtctfr CISSP LPT CEH ECSA
<<

niker02

User avatar

Newbie
Newbie

Posts: 3

Joined: Wed Jul 11, 2007 5:44 am

Location: UK

Post Thu Jul 12, 2007 7:29 am

Re: The Value of Certifications

I have been working as a network support administrator for 5 years, and I am now ready to move into security.

Not coming from a security background, I would need to get a basic understanding of security for me to build upon. I think the first logical step now would be to get some security certifications behind me.

To get your foot in the door I have found that your resume is what sell you and make you a candidate for employment, now if they see that you are certified then I think they would take time to look at your resume and then go on to check your experience and skills set.

I agree that experience will always be the king, but everyone started from scratch and had to work their way up.

I would like to think if I attended a number of training courses to get actual hands on work, that would count towards at least a bit of experience.

I have now passed my CEH and now studying to take Comptia Security + and Linux +,  hopefully this will give me the foundation I need to start my end goal in becoming a Penetration tester. :)
Don't just think out of the box. There is no BOX !!


MCSA, MCSE, CEH
Next

Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software