Security Basics mailing list archives

RE: Value of certifications


From: "Erin Carroll" <amoeba () amoebazone com>
Date: Thu, 17 May 2007 12:03:24 -0700

Craig,

I agree that Technical certifications are a different animal when it comes
to re-certification vs. non-expiring certs in that the protocols, specific
tools and technologies, and assorted "hands-on" knowledge that validates the
perceived value of said cert changes rapidly. I myself have some
certifications from the late 90's/early 2000's that make great coffee
coasters now.. Foundry Certified Network Engineer from 2001? Not so useful
or cogent in today's tech space for exactly the reasons Craig alludes to.

However, I'm not in complete agreement. Certain "technical" certifications
which focus more on methodologies, concepts, and process management (such as
the SANS GISP or GSLC) do not IMHO require re-certification for the most
part... or at the very least a much longer term before re-certification is
necessary. The tools and protocols may change but the underlying core
concepts that such higher-level "technical" certifications focus on change
at a much slower pace.

As Hari said, certifications are only a beginning. At one time I was a
top-notch Solaris engineer but since I moved to a more security-centric
focus many years ago I wouldn't trust me admin'ing on your critical servers
now :) If you aren't actively working to increase your knowledge and keeping
up to date you'll soon find your overall "value" dropping as your skill set
becomes more and more archaic or obscure. Don't expect another Y2K boon like
the FORTRAN programmers lucked in to. The IT field of study is not like a
History degree where you have a very finite and established dataset to work
with, it is constantly evolving.

Do I think certifications are the end-all be all of establishing the value
or excellence of a technologist? Absolutely not. But show me someone who has
continued to expand their skills through work and study efforts and their
"value" would be higher by my criteria.


--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball" 


-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Craig Wright
Sent: Wednesday, May 16, 2007 4:55 PM
To: Simmons, James; Hari Sekhon
Cc: security-basics () securityfocus com
Subject: RE: Value of certifications

Most of the longer standing professional certifications are 
mirrored on the CPE/CLE model used by the "controlled 
professions". This is a proof of continuing education.

It needs to be remembered that there is a cost of running 
this outside the initial updates. As an example, though I 
hate to say, people lie.
ISC, ISACA etc all have audit based controls. When people 
report, they do this with a chance that they will be audited. 
If the person is audited and is found to have embellished 
their response, then they lose the certification and may face 
legal action. So it is a way to (attempt
to) keep people honest.

Technical certifications are different. To take a much 
maligned certification, the MCSE. Now doing an MCSE on NT 4.0 
does not in any way help setup a 2003 Network. It is 
similarly no good stating that you did a CCIE in 1991 when 
there are an entire range of protocols which are totally new.

I obtained my BayNetworks certificate in 1996. This was at 
their level equal to the CCIE. BayNetworks merged with Nortel 
and now there is only Nortel. I have not updated my Nortel 
training since 2002. Should I still be able to make use of 
it, to go for a technical network position in a Nortel 
environment, I think not. (Well maybe as a junior, but nah)

Regards,
Craig



Craig Wright
Manager of Information Systems

Direct +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000 GPO BOX 2551 Sydney 
NSW 2001 Fax +61 2 9993 9497 www.bdo.com.au


-----Original Message-----

From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com]
On Behalf Of Simmons, James
Sent: Thursday, 17 May 2007 5:41 AM
To: Hari Sekhon
Cc: security-basics () securityfocus com
Subject: RE: Value of certifications

I have to say that I agree with the idea of keeping current 
with a certification. It ensures that you are... Well 
current. I do not like the idea of having to re-take the 
exam, or at least pay a high price to stay current.  I do 
like ISC2's way of addressing this issue. I would prefer to 
tweak it a bit, which I will be addressing later, but 
compared to the other alternatives, it is the better of two evils.

I do like your quote that "qualifications are the beginning." 
I will have to use that. There is a lot of truth in that statement.


Regards,

Simmons

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com]
On Behalf Of Hari Sekhon
Sent: Wednesday, May 16, 2007 8:10 AM
To: Brian Bemis
Cc: security-basics () securityfocus com
Subject: Re: Value of certifications

Hi Brian,

   I am in the same position. I think that expiring 
certifications are __extremely__ lame. If you have earned 
something then it's not very smart to take it away from you.

It's essentially a waste of time and a con trick to generate 
more revenue by forcing you to re-sit the same exams over and over again.

Qualifications are the beginning, not the end, and you should 
be moving past them, not going back to their level all the time...

It was this that stopped me from bothering to get a CCNP. I 
have no intention of ever re-sitting my CCNA exam and nor 
will I be doing any other Cisco or other expiring exam, not 
unless my employer demands it, is willing to pay for it and 
give me the time to go and do it...

I still have mine on there but my creds are dated as to when 
I got them so someone can see I got it and that it is 
expiring/expired. I don't see what is wrong with that, you 
earned it at the time and that shows on your CV.

Hari


On 25/04/07, Brian Bemis <brian_bemis () hotmail com> wrote:
I have a question that kind of follows along the lines of this one...

If you have a certification that lapses, can you still note it on your
resume? I got my CCNA certification 3 1/2 years ago, but due to recent
time constraints, I wasn't able to go take the recertification exam.
Can I still list that on my resume, maybe with the year it expired, or
is that not cool?
Just wondering what others thought about that...



-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of lalit.gupta () bt com
Sent: Wednesday, April 25, 2007 1:18 AM
To: iccnt () yahoo ca; bert.knabe () lubbockonline com
Cc: security-basics () securityfocus com
Subject: RE: Value of certifications

Certifications get you through Biodata scanners in HR :)

Once you are through them, then only you are called for interviews.

So, certs are important for career advancement.

On another front, certs give confidence to your employer and client
about your capabilities.


Regards,

Lalit Gupta
CIISA, CISSP, CCNA, MCP, CCE, CNE


-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of Doug Schlachta
Sent: Tuesday, April 24, 2007 12:44 AM
To: bert.knabe () lubbockonline com
Cc: security-basics () securityfocus com
Subject: Re: Value of certifications

Bert,

I suggest that if you are going to look at the Security+ cert you
look into the SSCP by ISC2 instead.
I have not seen much value given to Sec+ cert but I have seen value
given to the SSCP.
It also gives you a good step towards obtaining your CISSP eventually.

Regards
Douglas Schlachta
CISSP, SSCP, MCSE;Security, MCSE, CCNA, CFOT



----- Original Message ----
From: Bert Knabe <bert.knabe () lubbockonline com>
To: security-basics () securityfocus com
Sent: Saturday, April 21, 2007 1:18:11 AM
Subject: Value of certifications


My employer offers classes for 2 security certifications, CompTIA
Security+ and Certified Information Systems Security Professional. I
know that the CISSP certification is aimed more at management, and
is worthwhile, but I'm not management (yet), so I'm looking at the
Security+, but I don't know if it's worth the time. Does anyone know
how much value it has? I've been able to follow the discussions I've
seen here, but I wouldn't call myself a security expert by any means.

Thanks,
Bert Knabe




--
Hari Sekhon


