Security Basics mailing list archives
RE: Value of certifications
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Thu, 17 May 2007 12:03:24 -0700
Craig, I agree that Technical certifications are a different animal when it comes to re-certification vs. non-expiring certs in that the protocols, specific tools and technologies, and assorted "hands-on" knowledge that validates the percieved value of said cert changes rapidly. I myself have some certifications from the late 90's/early 2000's that make great coffee coasters now.. Foundry Certified Network Engineer from 2001? Not so useful or cogent in today's tech space for exactly the reasons Craig alludes to. However, I'm not in complete agreement. Certain "technical" certifications which focus more on methodolgies, concepts, and process management (such as the SANS GISP or GSLC) do not IMHO require re-certification for the most part... or at the very least a much longer term before re-certification is necessary. The tools and protocols may change but the underlying core concepts that such higher-level "technical" certifications focus on change at a much slower pace. As Hari said, certifications are only a beginning. At one time I was a top-notch Solaris engineer but since I moved to a more security-centric focus many years ago I wouldn't trust me admin'ing on your critical servers now :) If you aren't actively working to increase your knowledge and keeping up to date you'll soon find your overall "value" dropping as your skill set becomes more and more archaic or obscure. Don't expect another Y2K boon like the FORTRAN programmers lucked in to. The IT field of study is not like a History degree where you have a very finite and established dataset to work with, it is constantly evolving. Do I think certifications are the end-all be all of establishing the value or excellence of a technologist? Absolutely not. But show me someone who has continued to expand their skills through work and study efforts and their "value" would be higher by my criteria. -- Erin Carroll Moderator SecurityFocus pen-test list "Do Not Taunt Happy-Fun Ball"
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Craig Wright Sent: Wednesday, May 16, 2007 4:55 PM To: Simmons, James; Hari Sekhon Cc: security-basics () securityfocus com Subject: RE: Value of certifications Most of the longer standing professional certifications are mirrored on the CPE/CLE model used by the "controlled professions". This is a proof of continuing education. It needs to be remembered that there is a cost of running this outside the initial updates. As an example, though I hate to say, people lie. ISC, ISACA etc all have audit based controls. When people report, they do this with a chance that they will be audited. If the person is audited and is found to have embellished their response, than they lose the certification and may face legal action. So it is a way to (attempt to) keep people honest. Technical certifications are different. To take a much maligned certification, the MCSE. Now doing an MCSE on NT 4.0 does not in any way help setup a 2003 Network. It is similarly no good stating that you did a CCIE in 1991 when there are an entire range of protocols which are totally new. I obtained my BayNetworks certtificate in 1996. This was at their level equal to the CCIE. BayNetowrks merged with Nortel and now there is only Nortel. I have not updated my Nortel training since 2002. Should I still be able to make use of it, to go for a technical network position in a Nortel environment, I think not. (Well maybe as a junior, but nah) Regards, Craig Craig Wright Manager of Information Systems Direct +61 2 9286 5497 Craig.Wright () bdo com au +61 417 683 914 BDO Kendalls (NSW) Level 19, 2 Market Street Sydney NSW 2000 GPO BOX 2551 Sydney NSW 2001 Fax +61 2 9993 9497 www.bdo.com.au Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. The information in this email and any attachments is confidential. If you are not the named addressee you must not read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received this message in error, please notify the sender by return email, destroy all copies and delete it from your system. Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls. You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy statement, can be found on the BDO Kendalls website at http://www.bdo.com.au or by emailing administrator () bdo com au. BDO Kendalls is a national association of separate partnerships and entities. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Simmons, James Sent: Thursday, 17 May 2007 5:41 AM To: Hari Sekhon Cc: security-basics () securityfocus com Subject: RE: Value of certifications I have to say that I agree with the idea of keeping current with a certification. It ensures that you are... Well current. I do not like the idea of having to re-take the exam, or at least pay a high price to stay current. I do like ISC2's way of addressing this issue. I would prefer to tweak it a bit, which I will be addressing later, but compared to the other alternatives, it is the better of two evils. I do like your quote that "qualifications are the beginning." I will have to use that. There is a lot of truth in that statement. Regards, Simmons -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Hari Sekhon Sent: Wednesday, May 16, 2007 8:10 AM To: Brian Bemis Cc: security-basics () securityfocus com Subject: Re: Value of certifications Hi Brian, I am in the same position. I think that expiring certifications are __extremely__ lame. If you have earned something then it's not very smart to take it away from you. It's essentially a waste of time and a con trick to generate more revenue by forcing to re-sit the same exams over and over again. Qualifications are the beginning, not the end, and you should be moving past them, not going back to their level all the time... It was this that stopped me from bothering to get a CCNP. I have no intention of ever re-sitting my CCNA exam and nor will I be doing any other Cisco or other expiring exam, not unless my employer demands it, is willing to pay for it and give me the time to go and do it... I still have mine on there but my creds are dated as to when I got them so someone can see I got it and that it is expiring/expired. I don't see what is wrong with that, you earned it at the time and that shows on your CV. Hari On 25/04/07, Brian Bemis <brian_bemis () hotmail com> wrote:I have a question that kind of follows a long the lines ofthis one...If you have a certification that lapses, can you still noteit on yourresume? I got my CCNA certification 3 1/2 years ago, but doto recenttime constraints, I wasn't able to go take the recertification exam. Can I still list that on my resume, maybe with the year itexpired, or is that not cool?Just wondering what others thought about that...-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of lalit.gupta () bt com Sent: Wednesday, April 25, 2007 1:18 AM To: iccnt () yahoo ca; bert.knabe () lubbockonline com Cc: security-basics () securityfocus com Subject: RE: Value of certifications Certifications get you through Biodata scanners in HR :) Once you are through them, then only you are called forinterviews.So, certs are important for career advancement. On another front, certs give confidence to your employerand clientabout your capabilities. Regards, Lalit Gupta CIISA, CISSP, CCNA, MCP, CCE, CNE -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Doug Schlachta Sent: Tuesday, April 24, 2007 12:44 AM To: bert.knabe () lubbockonline com Cc: security-basics () securityfocus com Subject: Re: Value of certifications Bert, I suggest that if you are going to look at the Security+ cert you looking into the SSCP by ISC2 instead. I have not seen much value given to Sec+ cert but I haveseen valuegiven to the SSCP. It also gives you a good step towards obtaining your CISSPeventually.Regards Douglas Schlachta CISSP, SSCP, MCSE;Security, MCSE, CCNA, CFOT ----- Original Message ---- From: Bert Knabe <bert.knabe () lubbockonline com> To: security-basics () securityfocus com Sent: Saturday, April 21, 2007 1:18:11 AM Subject: Value of certifications My employer offers classes for 2 security certifications, CompTIA Security+ and Certified Information Systems SecurityProfessional. Iknow that the CISSP certification is aimed more atmanagement, andis worthwhile, but I'm not management (yet), so I'm looking at the Security+, but I don't know if it's worth the time. Doesanyone knowhow much value it has? I've been able to follow thediscussions I'veseen here, but I wouldn't call myself a security expert by anymeans.Thanks, Bert Knabe-- Hari Sekhon
Current thread:
- Re: RE: RE: Value of certifications, (continued)
- Re: RE: RE: Value of certifications nomail (May 01)
- RE: Value of certifications Simmons, James (May 01)
- RE: RE: Value of certifications David Harley (May 02)
- RE: Value of certifications Jones, David H (May 02)
- Re: Value of certifications Hari Sekhon (May 16)
- RE: Value of certifications Devin Rambo (May 16)
- RE: Value of certifications Simmons, James (May 16)
- Message not available
- Fwd: Value of certifications kevin fielder (May 17)
- RE: Value of certifications David Harley (May 17)
- RE: Value of certifications Craig Wright (May 17)
- RE: Value of certifications Erin Carroll (May 18)