General discussion


How valuable are security certifications?

By debate ·
What certifications, if any, do you have? How do you feel they?ve enhanced your career? Which security certifications do you think are the most valuable? Share your comments about the value of security certifications, as discussed in the Nov. 19 Security Solutions newsletter.

If you haven't subscribed to our free Security Solutions newsletter, sign up today! Click this link to subscribe automatically:

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Some more valuable than others

by Aldanatech In reply to How valuable are security ...

I personally don't own any security certification, but I am planning on obtaining a CISSP to advance my career. I find it to be more valuable than others such as Security+.

Collapse -

they are all the same

by secure_lockdown In reply to Some more valuable than o ...

unless you have a potential employer who is telling you that if you get certification X they will give you job Y - don'y waste your time.

take certification for sense of personal achievement and goals - but don't count on much else.

Collapse -

Very valuable

by Roland D'souza In reply to How valuable are security ...

I have a few and I have found them to be very valuable. For starters, you could work with a product for years and never learn lots of the in-depth stuff that comes in very handy when disaster suddenly strikes. If you are looking for a job, I believe certs will at the very least get you short-listed and give you a chance to sell yourself at the first interview. I have just completed the MCSA 2003. I intend to complete the MCSE 2003 (Security Specialisation) after I complete the MCSE 2003 next month.

Collapse -

If you understand what the certification means....

by mlayton In reply to How valuable are security ...

... some are valuable. I got my CISSP years ago when I wanted to make a career move into a security organization. It gives general knowledge of the security field in terms which allow you to speak to managers about what concerns them. The ten domains were a nice breakdown of management-speak. Since then, the certs I have received are in the more focused domains of SANS, which require practical knowledge of the domain and technical details. While these enhance my career on the technical level, the details contained therein would bore management or confuse them.

Collapse -

Foot in the door...

by Praetorpal In reply to How valuable are security ...

As with anything else, a cert may get you in the door for an interview, but it is up to the individual's communication skills, attitude and experience to actually land the opportunity.

While I do not have a certification, I have talked to many so-called "security specialists" in the past few years. My conclusion is that certifications create a herd mentality or a group mind set. So many I spoke to did not even understand the concept of the trusted operating system, which is the highest level of security that can be achieved. That may be due to the fact that this is a military grade security and has not been prominant in the private sector previously. Thus, I would put my money on a combination of certification plus previous military IT security experience, if I was seeking a security specialist.

Collapse -

Well, call me an old cynic but ...

by Aardvarky In reply to Foot in the door...

You wouldn't be someone with military security experience looking for a civilian job, and trying to motiviate that prospective employers disregard your lack of qualifications, by any chance?

OK, really just joking. :-)

In general, I have always believed much more in relevant experience than qualifications. As someone once said, "theory is not worth the paper it's written on".

Collapse -

Security+ is a joke

by house In reply to Foot in the door...

CISSP is probably the most respected cert out there. I remember seeing a review of Security+ on certcities website. It claimed one of the top spots in the most valuable certs list. I have not written this exam because I think it's a joke. I've acquired some documents that have model questions in-line with the Sec+ exam. The questions are just way too easy and logical. (to eliminate some confusion, and to defend myself from further attacks, I'd like to say that I am not a testking baby... I have been doing this crap for a long time... I use Q&A to identify my weak areas... not to memorize)

An IT manager who is aware of Comptia's exam will not recognize it as an impressive cert. Personally, I might write it just to add to my resume. It certainly doesn't require any studying on my part.

Collapse -

What the security+ is designed for

by scottsman In reply to Security+ is a joke

I think the point of the Security+ exam is to show awareness of Security issues. I feel the exam is targeted at a sys. admin, not a security professional. If you look at it from that perspective the exam is appropriate.

Collapse -

What security cert should I go for?

by ken.johnston In reply to What the security+ is des ...

I am a network admin looking to broaden out into security. I am studying the CompTIA Security+ book. I consider Sec+ to be a level one cert, as are A+ and Net+. I am also studying for my CCNA exam to get on the CCNP track. Back to security, what track should I get on that will get me to a high level of security training and cert?

Collapse -

What arrogance!

by Robotech In reply to Security+ is a joke

Tell me that you wrote this post just to generate conversation. Tell me that you?re not serious. Have you looked at the objectives for the Security+?

I'm responsible for managing several client networks, and If a client were to ask me to help them interview someone for a full-time post, the two certifications I would ask for are Network+ and Security+. Very few of us need a CISSP, which has several requirements (that most of us don't have unless we are constantly working in a security field) before you can apply for taking the exam.

Security+ covers a broad range of issues and technologies that any network Admin should be aware of (and usually they aren't). And if one is not aware of it because of the environment he/she works in, studying for the Security+ makes him/her aware.
Maybe a bank, or some other financial institution would require a CISSP to determine the security policy of the company and its branch offices (perhaps in the form of a security consultant), but for everyday functionality, I think Security+ is good enough.

Wanting everyone to have CISSP is like training your entire police force to be detectives. There isn't a need for that. You just need people who have sufficient knowledge to keep things in check. Whenever a serious and consistent problem develops, and there is a problem keeping it under control; then you can call in the specialists.

Kudos to the COMPTIA group for the work they put into the Security+ exam, I plan to do it in another 3 weeks.

Related Discussions

Related Forums