Security Basics mailing list archives

Re: RE: Value of certifications


From: lordl3ane () gmail com
Date: 23 Apr 2007 22:01:23 -0000

Bert/Petter;

Certifications have value in different situations.  The main thing to consider is that a certification is a declaration 
of knowledge, not of skill.  Technical certifications are for people following orders in making change and want to 
understand the technical impacts of making those changes.  Management certifications are for people who want to 
understand complex relationships between the technology being implemented and the risk they are mitigating as compared 
to the cost of choosing the control.  In either of the cases, certifications are required for certain computer security 
positions and contracts with the US government.

The Security+ and CISSP are both vendor independent.  The Security+ is a technical certification with some management 
concepts.  It is definitely the one you want to start with if you're new to security and are coming from an IT 
background.  Many of the topics you'll learn from the Security+ certification will play an important role in studying 
for about 1/5th of the CISSP.

The CISSP is a big exam, but if you're good at memorizing a LOT of material, you can think of this in the same lot as 
the Security-Industry version of the LSAT or GRE.  Of course it's always better to have well rounded experience when 
taking an exam, but only the CISSP attempts to have this as a prerequisite.  Unfortunately, I’ve seen a couple people 
pass the experience requirement from uncertified supervisors, when they wouldn’t have gotten my endorsement.

Either certification will help when applying for other jobs.  However, if you’re looking for jobs that will take your 
certification seriously, be prepared to explain why your certification helps you – and reasons that you earned it other 
than that you sat for a “Bootcamp”.

Cheers!

Eric, CISSP-ISSEP, Security+, IT Project+, A+, MCSE, MCNE, CCNP, etc, etc.

