Security Basics mailing list archives
Re: University Degree or CISSP
From: Greg van der Gaast <gvandergaast () yahoo com>
Date: Thu, 26 Jan 2006 09:17:12 -0800 (PST)
Ok, I was following until you said this: "much, much more technical [Certifications]. Those would be the Cisco CCNA (don't waste yer time with the CCNP, get the CCNA, but be prepared for ALOT of studying about routers and the routing protocols -- also their tests are brutal" I don't know how the heck you can consider CCNA highly technical and certainly not how you can consider the test "brutal" and requiring "ALOT" of studying. Now I took the CCNA. I went to Borders (not even knowing what a subnet was at this stage), bought the ICRC book, went to sylvan 2 weeks later and got a CCNA. You can be a complete moron and get a CCNA with ease with 0 practical knowledge. CCNA is a PREREQUISITE for CCNP. CCNA teaches you RIP. ACRC (1/4 of the CCNP) teaches you ospf, igrp, eigrp, bgp4, weighed queing, etc, etc. The CCNP is infinitely more valuable than a CCNA. I don't mean any offence but you seem to be demonstrating the same ignorance recognizing skills as the recruiters you're talking about. Unless you want to be a support tech who occasionally has to reset a router's password, there's little that's useful in CCNA. Granted, more recruiters know CCNA as a buzzword. I care about doing my job well, and if that means waiting for an employer to come along that knows it's stuff, so be it. it'll save me from losing my mind once I'm working. That said, cisco's tests are some of the easiest I've seen. Easier than MCPs and that's saying a lot. I (someone with absolutely zero networking knowledge at the time) managed to get CCNA, CCNP (4 tests), CCDP (4 tests, 3 of which overlap with CCNP), CCNA WAN, CCNP WAN(4 tests), CCDP WAN(4 tests), and MCNS (managing cisco network security) in the span of 14 weeks on my own dime and time. No courses. I don't know how you can perceive these things as difficult but in my book they're easy. Too easy. And it's precisely this ease that makes them less valuable for me and why I don't waste my time getting certifications anymore. Of course there's some exceptions. Sadly I agree with some of your points. Good, tough certifications aren't as common and clueless recruiters therefore don't recognise them because they don't bother doing research. A couple friends of mine have gotten CISSP and complained of it's ease. I won't waste my time on it. SANS GIAC however seems much tougher and forces people to think and write about the subject. I would like that challenge. There are plenty of companies out there that are looking for GOOD people. The only barrier is recruiters that don't recognise GOOD people. That's the challenge. You can sell out and saturate your resume full of crap, or you can accept the challenge, refuse to compromise, and deliver. It might take you 2, 5, even 10 years to get through but that challenge will only make the future years sweeter by making you resilient, and truly knowledgeable. IT existed long before IT certifications did. None of the brilliant IT pioneers had certifications. Granted, many of them went to university, but most of them put in more effort playing in labs than studying, and plenty of them didn't get a degree.
--- Bob Radvanovsky <rsradvan () unixworks net> wrote:OK, time for my $0.02 worth of commentary. Ladies, the outcome from all of this bickering is simple: you need both. I have several degrees that are both business and computer related, along with slightly over 2 dozen certifications. Realistically, the ONLY reasonforhaving a certification is so you can: (1) either promote yourself better within your company to acquire or move to a higher paying position, or(2)move onward to another company, demonstrating your knowledge and skillset. This goes back to my original analogy of Dr.Suess'sstory of the "Star-Bellied Sneeches". Theeventualoutcome was that neither was better than theother,and they needed each other to band together.Simplyhaving the CISSP certification does have somemeritbecause of its length in the industry and how some recruiters consider it prestigious. That may be. However, I know people who, not only have theCISSP,but other security-specific certifications, and couldn't perform a risk assessment, penetration analysis, case study, or even a simple auditwithoutconsulting the "Auditing for Dummies" book (there isn't one that I'm aware of, but I am simply being demonstrative for this case). Consequently, I've known college students that got almost straight "A's" throughout college. And 'ya wanna know what they're doing today? Unemployed. Yup. And the reason why? They can't *apply* what they know, because they never really studied, only memorized, the material. It is a balance of having both items. If you look closely at many job requirements, it's somethingtothe effect of cert plus degree, or degree with experience, or cert with experience. Simplyhavingthem both is no guarantee that you'll get the job, and consequently, having experience but no degreeorcert won't get you the job, either. A friend of mine pointed something out to me inverysimple terms. Recruiters are nothing more than order takers, very similar to those order takers from fast food restaurants, such as McDonalds.Mostof them have very little knowledge of theindustry,knowing just enough of the terms and buzzwords tobedangerous, but have practical knowledge in how to read and comprehend people. What they're good at doing is filling slots for companies -- nothing more. Companies give the orders on what they want filled, and what are the requirements. The recruiters try and attempt to fill the slots asbestas possible. And any recruiter that tries andtellsme that there's more to this is crazy. Forexample,we had ONE job position available here in Chicago recently. The next day, 24 recruiters attemptedtostate "unique job opportunity", all funneling into that ONE job position that had opened up. Also, these recruiters used the exact same job posting boards that you and I use: Monster, AllJobs, USAJobs, HotJobs, etc. So, how is that helpingyouout? They'd like to say that they have their own selective search database and that their serviceisunique and comprehensive. Rrrrrrr-ight. Many of them *share* data between each other. It goesbackto filling slots and them getting their commission checks -- nothing more. In fact, most recruiters would rather that people move from job to job tojobmore regularly, because they'd get a fatter,biggerbonus. I know several long-time colleagues fromtheIT industry recruitment field (about 15 yearsnow),and they occasionally come to me with a job req., asking if I'd be interested. It's always the same thing, doing the same crap, day in, day out, and offers nothing more than a lateral move for me. BUT...what it does do is give me a little bit more insightful information as to how their recruiting process works. Recruiters try and get people to sign up with them for their *EXCLUSIVE* search database, almost stating that they'd GUARNTEE youajob. HINT: if you listen carefully, and have done this as long as I have, you'll never actually hear them "guarantee" you a job. To do that would be misleading, and I'm pretty sure that it might even
=== message truncated === __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: Re: University Degree or CISSP, (continued)
- RE: Re: University Degree or CISSP Jas Chase (Jan 25)
- Re: RE: Re: University Degree or CISSP shelmire (Jan 26)
- RE: Re: University Degree or CISSP Bob Radvanovsky (Jan 26)
- RE: Re: University Degree or CISSP Huang, John, GCM (Jan 26)
- RE: RE: Re: University Degree or CISSP Kain, Becki (B.) (Jan 26)
- Re: University Degree or CISSP Steven Kalcevich (Jan 27)
- Re: University Degree or CISSP Aman Raheja (Jan 27)
- RE: University Degree or CISSP Craig Wright (Jan 27)
- RE: University Degree or CISSP Craig Wright (Jan 27)
- RE: Re: University Degree or CISSP Craig Wright (Jan 27)
- Re: University Degree or CISSP Greg van der Gaast (Jan 28)
- RE: University Degree or CISSP Craig Wright (Jan 29)
- RE: Re: University Degree or CISSP Bob Radvanovsky (Jan 30)
- RE: Re: University Degree or CISSP Craig Wright (Jan 30)