Re: University Degree or CISSP

[Greg van der Gaast <gvandergaast () yahoo com>]

Ok, I was following until you said this:

"much, much more technical [Certifications].  Those
would be the Cisco CCNA (don't waste yer time with the
CCNP, get the CCNA, but be prepared for ALOT of
studying about routers and the routing protocols --
also their tests are brutal"

I don't know how the heck you can consider CCNA highly
technical and certainly not how you can consider the
test "brutal" and requiring "ALOT" of studying.

Now I took the CCNA. I went to Borders (not even
knowing what a subnet was at this stage), bought the
ICRC book, went to sylvan 2 weeks later and got a
CCNA. You can be a complete moron and get a CCNA with
ease with 0 practical knowledge. CCNA is a
PREREQUISITE for CCNP. CCNA teaches you RIP. ACRC (1/4
of the CCNP) teaches you ospf, igrp, eigrp, bgp4,
weighed queing, etc, etc. The CCNP is infinitely more
valuable than a CCNA. 

I don't mean any offence but you seem to be
demonstrating the same ignorance recognizing skills as
the recruiters you're talking about.

Unless you want to be a support tech who occasionally
has to reset a router's password, there's little
that's useful in CCNA. Granted, more recruiters know
CCNA as a buzzword. I care about doing my job well,
and if that means waiting for an employer to come
along that knows it's stuff, so be it. it'll save me
from losing my mind once I'm working.

That said, cisco's tests are some of the easiest I've
seen. Easier than MCPs and that's saying a lot. I
(someone with absolutely zero networking knowledge at
the time) managed to get CCNA, CCNP (4 tests), CCDP (4
tests, 3 of which overlap with CCNP), CCNA WAN, CCNP
WAN(4 tests), CCDP WAN(4 tests), and MCNS (managing
cisco network security) in the span of 14 weeks on my
own dime and time. No courses.

I don't know how you can perceive these things as
difficult but in my book they're easy. Too easy. And
it's precisely this ease that makes them less valuable
for me and why I don't waste my time getting
certifications anymore. Of course there's some
exceptions. 

Sadly I agree with some of your points. Good, tough
certifications aren't as common and clueless
recruiters therefore don't recognise them because they
don't bother doing research. A couple friends of mine
have gotten CISSP and complained of it's ease. I won't
waste my time on it. SANS GIAC however seems much
tougher and forces people to think and write about the
subject. I would like that challenge.

There are plenty of companies out there that are
looking for GOOD people. The only barrier is
recruiters that don't recognise GOOD people. That's
the challenge. You can sell out and saturate your
resume full of crap, or you can accept the challenge,
refuse to compromise, and deliver. It might take you
2, 5, even 10 years to get through but that challenge
will only make the future years sweeter by making you
resilient, and truly knowledgeable. IT existed long
before IT certifications did. None of the brilliant IT
pioneers had certifications. Granted, many of them
went to university, but most of them put in more
effort playing in labs than studying, and plenty of
them didn't get a degree. 

 
> --- Bob Radvanovsky <rsradvan () unixworks net> wrote:
>
> > OK, time for my $0.02 worth of commentary.
> >
> > Ladies, the outcome from all of this bickering is
> > simple: you need both.
> >
> > I have several degrees that are both business and
> > computer related, along with slightly over 2 dozen
> > certifications.  Realistically, the ONLY reason
> for
> > having a certification is so you can: (1) either
> > promote yourself better within your company to
> > acquire or move to a higher paying position, or
> (2)
> > move onward to another company, demonstrating your
> > knowledge and skillset.
> >
> > This goes back to my original analogy of Dr.
> Suess's
> > story of the "Star-Bellied Sneeches".  The
> eventual
> > outcome was that neither was better than the
> other,
> > and they needed each other to band together. 
> Simply
> > having the CISSP certification does have some
> merit
> > because of its length in the industry and how some
> > recruiters consider it prestigious.  That may be. 
> > However, I know people who, not only have the
> CISSP,
> > but other security-specific certifications, and
> > couldn't perform a risk assessment, penetration
> > analysis, case study, or even a simple audit
> without
> > consulting the "Auditing for Dummies" book (there
> > isn't one that I'm aware of, but I am simply being
> > demonstrative for this case).
> >
> > Consequently, I've known college students that got
> > almost straight "A's" throughout college.  And 'ya
> > wanna know what they're doing today?  Unemployed. 
> > Yup.  And the reason why?  They can't *apply* what
> > they know, because they never really studied, only
> > memorized, the material.
> >
> > It is a balance of having both items.  If you look
> > closely at many job requirements, it's something
> to
> > the effect of cert plus degree, or degree with
> > experience, or cert with experience.  Simply
> having
> > them both is no guarantee that you'll get the job,
> > and consequently, having experience but no degree
> or
> > cert won't get you the job, either.
> >
> > A friend of mine pointed something out to me in
> very
> > simple terms.  Recruiters are nothing more than
> > order takers, very similar to those order takers
> > from fast food restaurants, such as McDonalds. 
> Most
> > of them have very little knowledge of the
> industry,
> > knowing just enough of the terms and buzzwords to
> be
> > dangerous, but have practical knowledge in how to
> > read and comprehend people.  What they're good at
> > doing is filling slots for companies -- nothing
> > more.  Companies give the orders on what they want
> > filled, and what are the requirements.  The
> > recruiters try and attempt to fill the slots as
> best
> > as possible.  And any recruiter that tries and
> tells
> > me that there's more to this is crazy.  For
> example,
> > we had ONE job position available here in Chicago
> > recently.  The next day, 24 recruiters attempted
> to
> > state "unique job opportunity", all funneling into
> > that ONE job position that had opened up.  Also,
> > these recruiters used the exact same job posting
> > boards that you and I use: Monster, AllJobs,
> > USAJobs, HotJobs, etc.  So, how is that helping
> you
> > out?  They'd like to say that they have their own
> > selective search database and that their service
> is
> > unique and comprehensive.  Rrrrrrr-ight.  Many of
> > them *share* data between each other.  It goes
> back
> > to filling slots and them getting their commission
> > checks -- nothing more.  In fact, most recruiters
> > would rather that people move from job to job to
> job
> > more regularly, because they'd get a fatter,
> bigger
> > bonus.  I know several long-time colleagues from
> the
> > IT industry recruitment field (about 15 years
> now),
> > and they occasionally come to me with a job req.,
> > asking if I'd be interested.  It's always the same
> > thing, doing the same crap, day in, day out, and
> > offers nothing more than a lateral move for me. 
> > BUT...what it does do is give me a little bit more
> > insightful information as to how their recruiting
> > process works.  Recruiters try and get people to
> > sign up with them for their *EXCLUSIVE* search
> > database, almost stating that they'd GUARNTEE you
> a
> > job.  HINT: if you listen carefully, and have done
> > this as long as I have, you'll never actually hear
> > them "guarantee" you a job.  To do that would be
> > misleading, and I'm pretty sure that it might even
=== message truncated ===



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------