https://www.infosecisland.com/blogview/ ... cured.html
So I've been studying various aspects of security so that I can get into a security career. As soon as I started listening in on the infosec community chatter, this is something I've heard a lot about: 'certifications are not the end all, be all; one must have the experience to back it up.' Yet, these seemed counter to what I was seeing in job postings. I've seen it here on the forums too when people ask questions about certifications. 'These certs will give you some great experience in this or that, these will get you past the HR filter.'
How do we as an industry change that, or can we? While I'm very passionate about getting into a security career, forking over all that money to get a number of certs and keep them up to date just doesn't jibe with me. When I separated from the military after 3.5 years as a sysadmin and experience in security, I had the hardest time finding a civilian sysadmin gig. I ended up working at a help desk, then after a year I decided to get my Net+, Sec+ and Linux+ (without the use of study guides, mind you - the knowledge was already there) just so that I could get a call back regarding a sysadmin/netadmin position (and it worked).
How does one go about proving they're qualified with previous experience on a resume to get past that HR filter? I'd assume that after you get past the HR filter, you can explain your previous work experience and the home lab you use to explore various technologies on your own dime and time...but there's that damned HR filter in the way...
Anyway, just trying to stir up some conversation here. I know I'm not the only one who's trying to break into the industry that's frustrated with this (not to mention those who are already in the industry that think it's BS).
Sidenote: Lee Kushner of InfoSecLeaders (teamed up with Mike Murray) is doing a workshop at BlackHat on careers in infosec. If anybody here goes to that, I'd love to hear what was talked about. He'll be presenting the results of their latest survey on the value of infosec certs too.