Re: RE: Value of certifications

["Yousef Syed" <yousef.syed () gmail com>]

Nathalie,
Be patient.
Get the real world experience - there's no substitute for it.

Do it at work and do it in your own time.
Setup your own home-network and play with it.

Subscribe to forums like this and spend more time reading and learning.
There are plenty of conferences - some are free, others you might be
able to get funding from work. If they want to pay for your
certifications aswell, get them, but don't rely upon them.
There's a huge amount of information available online - use it.

Security is a large area. Find a field that you consider interesting
and one that you feel you have an aptitude for - seek to become an
expert in it. Whether it is securing applications, Crypto, Firewalls
and Networks, Pen-testing...  the list goes on and on. Try to keep
abrest of the other domains and technology, but remain focused on your
core strengths.


Basically, don't get a certification for the sake of it. The people
that are hiring you (unless you plan to become just another number in
a HR system) should be more interested in what you've done and what
you can do. If the employer is more interested in the certification
than in your actual experience and knowledge, then they aren't worth
working for (IMHO).

Good luck,

ys

On 26/04/07, Nathalie Vaiser, RFC, FMM <nat () ultraservice com> wrote:
> Hi guys,
>
> What would be recommend for someone who is fairly new to the IT-world
> and has a strong interest in security?
>
> The CISSP requires 4 or 5 years of related work experience.
>
> Would Security+ be recommended in that case? Or is there another suggestion?
>
>
>
> Thanks
> Nathalie



--
Yousef Syed
"To ask a question is to show ignorance; not to ask a question, means
you remain ignorant" - Japanese Proverb