RE: RE: Value of certifications

["Simmons, James" <jsimmons () eds com>]

Exactly.  Nicely put.
This is what I opt for. Your should not get a job because you have a
particular cert. Look at any hiring site (monster.com,
Careerbuilder.com, etc.) and look how many jobs say "CISSP Required".
When I was looking for a job long ago, I would not even apply for those
positions cause they obviously do not get it. I would understand it they
say "CISSP a plus" , or something to that effect, but required?


Regards,

Simmons

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Yousef Syed
Sent: Friday, April 27, 2007 9:58 AM
To: Nathalie Vaiser, RFC, FMM
Cc: security-basics () securityfocus com
Subject: Re: RE: Value of certifications

Nathalie,
Be patient.
Get the real world experience - there's no substitute for it.

Do it at work and do it in your own time.
Setup your own home-network and play with it.

Subscribe to forums like this and spend more time reading and learning.
There are plenty of conferences - some are free, others you might be
able to get funding from work. If they want to pay for your
certifications aswell, get them, but don't rely upon them.
There's a huge amount of information available online - use it.

Security is a large area. Find a field that you consider interesting and
one that you feel you have an aptitude for - seek to become an expert in
it. Whether it is securing applications, Crypto, Firewalls and Networks,
Pen-testing...  the list goes on and on. Try to keep abrest of the other
domains and technology, but remain focused on your core strengths.


Basically, don't get a certification for the sake of it. The people that
are hiring you (unless you plan to become just another number in a HR
system) should be more interested in what you've done and what you can
do. If the employer is more interested in the certification than in your
actual experience and knowledge, then they aren't worth working for
(IMHO).

Good luck,

ys

On 26/04/07, Nathalie Vaiser, RFC, FMM <nat () ultraservice com> wrote:
> Hi guys,
>
> What would be recommend for someone who is fairly new to the IT-world 
> and has a strong interest in security?
>
> The CISSP requires 4 or 5 years of related work experience.
>
> Would Security+ be recommended in that case? Or is there another
suggestion?
> Thanks
> Nathalie



--
Yousef Syed
"To ask a question is to show ignorance; not to ask a question, means
you remain ignorant" - Japanese Proverb