Re: A question about certification and training

["Tat Wee, Kan" <kan () hardware-one com>]

----- Original Message -----
From: "Alvey Robert W KPWA" <AlveyRW () kpt nuwc navy mil>
To: "'Phillips, Mike'" <PhillipsMike () otc army mil>;
<security-basics () securityfocus com>
Sent: Tuesday, December 24, 2002 6:41 AM
Subject: RE: A question about certification and training

Hi,

> I'd recommend getting as many of the CompTIA certs as you can (in between
> whatever you focus on for your career), right now they last forever and
they
> are recognized by almost anyone in any industry their certs cover.  They
> aren't hard (all are simply entry level), but it looks nice if you're
going
> in for security job to have the Security+, as well as a Network+ (For
> knowing how the network works and relating it to security), A+ (same thing
> but for hardware/OS concerns), Server+ (Servers are a big aspect behind
> security concerns as you probably already know), and Linux+ (For that
extra
> umph and the majority of the security related tools are not only better
(in
> my experience, which is rather limited) but cheaper on Linux).  All their
> tests are relatively cheap and most don't even require a full week of
study
> to complete, yet they still look nice on the Resume.

I have to disagree on getting as many CompTIA certs as one could. The papers
are lacking in technical knowledge, and expensive (compared to other
certifications like Cisco). I have a Linux+ and Network+, and most of the
time I feel ashamed to mention them (no offense to anyone).

If it's a security certification you are looking for, CISSP is the hottest
thing now. However, getting certified is one thing, being ABLE to perform is
another. You will be surprised by how many CISSPs out there who do not know
their stuffs well. But then, if you do not possess some sort of
certifications, it is hard to convince potential employers.