Re: A question about certification and training

[Michael Boman <michael.boman () securecirt com>]

On Fri, Dec 20, 2002 at 06:45:57PM -0600, * KAPIL * wrote:
> IMHO, your current job and future career goals have a lot to do with
> what certifications your acquire and what certifications your keep
> current as they expire. I for example have my A+, NET+ and Server+ from
> back in the day when I first started in IT. I am a systems engineer and
> work mostly on Microsoft technologies so I also have both flavors of
> MCSE. In order to have the complete spectrum of troubleshooting skills,
> I felt I needed to be well versed in routing and switching, so I got my
> CCNA. Now, if I were going to work mostly on Compaq hardware...I'd get
> Compaq certified. If I were interested in pursuing a career in
> Security....perhaps CISSP would be a good choice...it depends. Hope this
> helps!
>
> -K

I agree with the above poster, except when it comes to security
certifications. If you want to be a hand-on guy who knows how to decifer
various log format, harden servers etc. I recommend going for the SANS
GIAC line of certifications. My take on CISSP is that it's too broad
and too shallow, so I find it suiting managers better then the foot
solders. I have not yet taken CISSP, but I think it is something I
need to do as it's more or less expected of me because of my position
(Security Architect). I currently only have SANS GIAC certifications
but it suites me fine because I like to be involved. I am a hands-on
kind of guy ;)

Also bare in mind what kind of skills the people that has aquired the
certification you are looking for. Me for an example will not, ever,
take MCSE for an example as I have meet too many MCSE's that doesn't
has the very basic skills in system trouble-shooting. I do not want to
be assosiated with those kind of people. I am not saying that everyone
that has a MCSE has no skills, but here in Singapore I find them lack
in real skills. Of course if a customer wants me and my team to be
certified, well that's another thing (again, think job security).

If you take the mindset of having the certification as the lowest
measurable skill instead of the hightest then you will be fine thought. I
use my certifications (well, used - was a while ago since I was actually
looking for a job) as way to get past HR (they usually know s*it about
real skills, but are good at alphabet soups). Once in I let my experiance
and knowlegde talk for itself.

I define skill as someone who can basicly do what he or she says without
hesitation, with his/hers eyes shut. You can't belive how many people
I have interviewed that misses the simple step of checking logfiles
when troubleshooting.

So to wind things up: Be better then what the certification says you has
to be. And have a broad range of skills and keep them up to date. That
way you are worth more to your employer and hence has better job security.

Oh, another thing: Certifications are for HR people (getting the
interview, job security), not a quick way to get a pay rise. Keep on top
of things, be a jack-of-all-trades with a few special intrest areas and
you will always be valueble to your employer.

Best regards
 Michael Boman

PS
 Sorry for the long reply
DS

-- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com

Attachment: _bin
Description: