  1. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,596
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #26
    Quote Originally Posted by Ertaz View Post
    Never thought about buying a pageant dress just to wear it around the house. One could, I suppose...
    Unlike a pageant dress, the enduring purpose of certification is the increased knowledge it gives you. Except for getting you a first-round interview and the envy/awe of your friends the paper is quite useless.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  3. Senior Member
    Join Date
    May 2016
    Posts
    1,632

    Certifications
    70-461, ITIL V3 F, ITIL OSA, ITIL ST
    #27
    Quote Originally Posted by ITHokie View Post
    It's likely because "the security field" is a much bigger animal than you think.

    https://taosecurity.blogspot.com/201...-mind-map.html
    All this shows is how vast the security space is (very cool I might add), however it has nothing to do with an individual getting 10+ security certifications.

    Information technology can be broken down into that many groups as well. You wouldn't get certified in all the domains / areas, it wouldn't make sense.........

    I've come to the conclusion like others have stated, there is a market to be exploited and people are willing to spend dollars in this area.....

    PS awesome map, thanks!
    Position: Data Junky
    Reformed Cert Addict.

  4. I drink and I know things Ertaz's Avatar
    Join Date
    Jan 2006
    Posts
    658

    Certifications
    CISSP, CASP, CSA+, GPEN, CCNA Cyber Ops, Security+, MCP
    #28
    Quote Originally Posted by JDMurray View Post
    Unlike a pageant dress, the enduring purpose of certification is the increased knowledge it gives you. Except for getting you a first-round interview and the envy/awe of your friends the paper is quite useless.
    If you use it... Biba vs Bell–LaPadula anyone? That's knowledge I can't get rid of and brain cycles I'll never get back. (I can't seem to find my car keys consistently now.) I suppose if I had superbowl rings I'd wear them every chance I could.


    To me certs either say you're dedicated, or you just love a whooping. I suppose I love a whooping. MCSE is next for me unless I get redirected to OSCP.

  5. Senior Member
    Join Date
    Mar 2008
    Location
    Denver
    Posts
    111

    Certifications
    GXPN, GPEN, GCIH, CISSP, C|EH, CCNA, MCSE:S, MCSA, MCP, A+/N+/S+/L+/P+
    #29
    Quote Originally Posted by DatabaseHead View Post
    All this shows is how vast the security space is (very cool I might add), however it has nothing to do with an individual getting 10+ security certifications.
    It has everything to do with multiple certifications. If someone wants training and knowledge in some of the many facets of security, one option at their disposal is multiple certifications.

    As you said, this is similar to IT. It's not unusual to find accomplished engineers with Microsoft, Cisco, Red Hat, VMware, project management and other certs. Often you'll see that security folks with "10+" certs have a number of technology certs - not just security-centric ones. This makes sense because the best security practitioners have a deep knowledge of the technologies they work with.

    Chalking all of this up simply to the fact that people have money and are willing to spend it is shallow thinking. It's obviously not just because people have money. Do you honestly think people are willing to spend hundreds of hours of their life studying, giving up fun, giving up time with friends and family, etc. just because they have the financial resources to purchase the training?

  6. Senior Member cyberguypr's Avatar
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    5,773

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #30
    It makes a ton of sense to certify in multiple areas. Have you seen the laundry list of requirements for some security roles? It's not uncommon to see practitioners that float between these areas on a daily basis, especially in smaller companies. That doesn't mean that they are experts, just that they understand baseline concepts and have a desire to expand their knowledge. Besides, there's so much movement in Infosec that the guy doing GRC work may decide to pursue a forensics or vulnerability management role. If he has the right certs he may cause a good impression on the hiring manager and get a chance at the role. You gotta tip the odds in your favor. This is how you keep the universe of potential future jobs open.

  7. Senior Member xxxkaliboyxxx's Avatar
    Join Date
    Dec 2013
    Location
    Austin, Texas
    Posts
    408

    Certifications
    GCIH, C|EH, Sec+, eJPT, SCCC
    #31
    This is the main reason DoD Approved 8570 Baseline Certifications

    Get on that list, you become a money making machine.

    PS: How in the hell did CFR get on there LOL. Best believe it will bring up their net worth.
    Studying: LFCS
    Reading: Python Crash Course
    Upcoming Exam: GWAPT

    https://realworlditsecurity.wordpress.com

  8. Senior Member
    Join Date
    Mar 2008
    Location
    Denver
    Posts
    111

    Certifications
    GXPN, GPEN, GCIH, CISSP, C|EH, CCNA, MCSE:S, MCSA, MCP, A+/N+/S+/L+/P+
    #32
    Quote Originally Posted by xxxkaliboyxxx View Post
    This is the main reason DoD Approved 8570 Baseline Certifications

    Get on that list, you become a money making machine.

    PS: How in the hell did CFR get on there LOL. Best believe it will bring up their net worth.
    Yeah, that certainly contributes. But you only need CISSP for IAT III and C|EH for all CCSP categories. Those are the categories that generally apply to technical roles on the contracts I've worked on.
    Last edited by ITHokie; 07-14-2017 at 07:24 PM.

  9. I drink and I know things Ertaz's Avatar
    Join Date
    Jan 2006
    Posts
    658

    Certifications
    CISSP, CASP, CSA+, GPEN, CCNA Cyber Ops, Security+, MCP
    #33
    Quote Originally Posted by ITHokie View Post
    Yeah, that certainly contributes. But you only need CISSP for IAT III and C|EH for all CCSP categories. Those are the categories that generally apply to technical roles on the contracts I've worked on.
    Don't you usually need a CE (Computing Environment) cert to go with that like CCNP or MCSE?

  10. Senior Member
    Join Date
    Mar 2008
    Location
    Denver
    Posts
    111

    Certifications
    GXPN, GPEN, GCIH, CISSP, C|EH, CCNA, MCSE:S, MCSA, MCP, A+/N+/S+/L+/P+
    #34
    Quote Originally Posted by Ertaz View Post
    Don't you usually need a CE (Computing Environment) cert to go with that like CCNP or MCSE?
    Yes - CE is also necessary, but that is a separate requirement from IA (what was linked above).

  11. Senior Member
    Join Date
    Oct 2010
    Location
    NATTED to nowhere!
    Posts
    508

    Certifications
    S+, N+, CEH, CSSLP, CISSP, CGEIT, CCSA, CCNA, CRISC, CASP, RHCSA, RHCE, CBE, GCIH
    #35
    Quote Originally Posted by DatabaseHead View Post
    All this shows is how vast the security space is (very cool I might add), however it has nothing to do with an individual getting 10+ security certifications.

    Information technology can be broken down into that many groups as well. You wouldn't get certified in all the domains / areas, it wouldn't make sense.........

    I've come to the conclusion like others have stated, there is a market to be exploited and people are willing to spend dollars in this area.....

    PS awesome map, thanks!
    Now more than in the past 10 years there are more facets of Information Security.
    Let's apply this to a real world scenario.


    Your accounting team discovers that your online orders were sold for a quantity of 400,000 for -$10.00 instead of $100.00 1 month ago.
    You are going crazy blaming the web guy and his boss for this extremely aberrant mistake. They swear that everything was done correctly and inspect some code changed by the owner of r00t or systam32.
    The Web manager goes to the IT boss and asks who the ID is. They respond with 'We never created that account'; meanwhile your website is still doling out $1.00 to someone named Miss Moneypenny because that hacker likes James Bond and has a sense of humor.
    Both the Web and IT manager discover that you have been hacked and come to you.
    What do you do?
    Do you have a security team?
    No. Because you felt that there 'is a market to be exploited' and find no need for one.
    Take down the website because you are bleeding BAD. You tell the IT and Web guys to bring back a new website with only a simple text line that shows your site is 'Under Construction'.
    You also have a meeting with the board... fun, fun, fun.


    Since you are a private company you decide to keep this on the down low and have all of your employees sign some form of NDA about the issue.
    It was too late, one of the IT guys posts a sarcastic comment on Twitter with a 'pants on the ground' reference. You fire him and have him remove his post and give him a 2 week severance check.

    You bring in the IT and web teams and start to see what 'we' can do to solve the problem.
    One of the IT guys, Tom, who on his own paid for a few very technical Infosec certs, raises his hand up and upon being acknowledged tells you the following should have been in place: a WAF, a SIEM, someone who knows how to look through a SIEM, some more pen testing software and forensics hardware, have someone secure the code and test each change, run quarterly VA and pentests.
    You stand up and yell 'Why the hell didn't we have these in place?'
    He comes back with 'My boss didn't see this as a priority and to be honest, we are really busy just trying to keep things up and running'.
    You shake your head in disbelief and start to develop the Yosemite Sam version of Tourette's syndrome.
    You ask if he wants a new security position to take care of this and other issues like it if you double his salary.
    He comes back with this is going to be challenging....'You know what I make. Triple my salary, give me a team of 5 and give me 10k in training a year each'.
    'FU%&ing Sold', you reply, still with the Yosemite Sam version of Tourette's syndrome.
    Tom then decides to call the FBI because he is a part of HTCIA and friends with some people in the bureau.
    The next day they show up and start their investigation. They also start their forensics. This takes 2.5 weeks to find the attack and another 3 or 4 days to reverse engineer the new exploit.
    The special agent and Tom walk into your office and want to speak to you. Tom shows you the report generated by the FBI.
    The FBI special agent comes up to you and tells you the best practices.
    They also tell you that the person was a 14-year-old kid in Santa Monica who did it by using malware that would create zombies in your network that would slowly send information and just hacked your web servers because he wanted something better than an Xbox One and a 32' screen and was bored.
    Luckily you had decent backups that were not contaminated but it will take your company 3 months to get back to normal.


    In cases that may be smaller or are out of the FBI's jurisdiction, your organization may end up losing the money.

    This is an example that I have seen happen. The names have been changed to protect the innocent.

  12. Senior Member
    Join Date
    May 2006
    Posts
    1,863

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #36
    You need all kinda certs, not only security certs because of things like this Verizon Breach: 6 Million Customer Accounts Exposed

  13. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,327

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #37
    Quote Originally Posted by DatabaseHead View Post
    In your experience, your peers in the Unix field didn't care about certifications? If so that is what I found as well, not that I am worth a dang at Linux/Unix but working hand in hand with these folks, it was like once they locked into Unix/Linux that was it and certifications had no place.

    Sorry just wanted to follow up with you in regards to this, I find it interesting.


    That's right, specially with Unix(Solaris/AIX/HP-UX/SCO-Unix) even before Linux was a popular server choice. You either knew what to do (or knew HOW TO FIGURE IT OUT) or you didn't. Lots of dinosaurs looked at certs as a waste of time, they wanted to see that you had experience migrating servers and configure stuff and troubleshooting obscure software that you haven't seen before rather than passing an exam - but it's subjective. I always did both, played hands on and took certs.

    Security seems to over do it...but I'm pro certs in general so it doesn't bother me. I'm lazy when it comes to passing those certs exams unfortunately, need to get off my ars and work harder
    Goal: GCFA (DONE), GPEN

  14. I drink and I know things Ertaz's Avatar
    Join Date
    Jan 2006
    Posts
    658

    Certifications
    CISSP, CASP, CSA+, GPEN, CCNA Cyber Ops, Security+, MCP
    #38
    Quote Originally Posted by UnixGuy View Post
    That's right, specially with Unix(Solaris/AIX/HP-UX/SCO-Unix) even before Linux was a popular server choice. You either knew what to do (or knew HOW TO FIGURE IT OUT) or you didn't. Lots of dinosaurs looked at certs as a waste of time, they wanted to see that you had experience migrating servers and configure stuff and troubleshooting obscure software that you haven't seen before rather than passing an exam - but it's subjective. I always did both, played hands on and took certs.

    Security seems to over do it...but I'm pro certs in general so it doesn't bother me. I'm lazy when it comes to passing those certs exams unfortunately, need to get off my ars and work harder
    If you do the things and study the things you are almost unstoppable. I was really proud of my HP-UX CSA, then I left the job that used it and went back to Solaris. Somehow my csh scripting has gotten rusty.

  15. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,327

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #39
    Quote Originally Posted by Ertaz View Post
    If you do the things and study the things you are almost unstoppable. I was really proud of my HP-UX CSA, then I left the job that used it and went back to Solaris. Somehow my csh scripting has gotten rusty.
    Agreed, the certification material was extremely useful even though people in the field didn't care much.
    Goal: GCFA (DONE), GPEN

  16. Senior Member
    Join Date
    Oct 2010
    Location
    NATTED to nowhere!
    Posts
    508

    Certifications
    S+, N+, CEH, CSSLP, CISSP, CGEIT, CCSA, CCNA, CRISC, CASP, RHCSA, RHCE, CBE, GCIH
    #40
    My point was in #17.... Learning Linux was something that did not have certifications at the time.


    ...SCO... now you are taking me back!
    At the time there was no Google, you had to spin up a box on your own and play with it to learn unless you went to a college where you were taught some programming languages Basic, Fortran, Pascal.... not so much the OS.

    I don't consider myself just a 'Linux guy' since I work on different OS's, but I did work on the certification for my company and learned a few things. I shared them with our team and we are stronger from it. If you do not use it frequently you may tend to forget some of the material or tools to perform the job.

  17. Senior Member E Double U's Avatar
    Join Date
    Apr 2014
    Location
    The Netherlands
    Posts
    1,145

    Certifications
    CISSP, CISM, GCIA, GCIH, C|EH, and more.
    #41
    I get them because:

    - employers want them (so they foot the bill)
    - it is fun (I enjoy the continued learning)
    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson

  18. Senior Member
    Join Date
    Jul 2015
    Posts
    433
    #42
    Quote Originally Posted by bigdogz View Post
    *Wall of text*
    Having someone with a bunch of certifications and having a knowledgeable security team are not the same thing. It is entirely possible to learn technical skills without taking a multiple choice test afterwards.

    Your story also looks like it has nothing to do with certifications, and everything to do with leadership that didn't prioritize security.

  19. Pancakes and Lasagna kurosaki00's Avatar
    Join Date
    Nov 2008
    Location
    Indianapolis
    Posts
    943

    Certifications
    CCENT, A+, Network+
    #43
    Quote Originally Posted by UnixGuy View Post
    Lots of dinosaurs looked at certs as a waste of time

    Now sometimes it is the opposite. I recently worked as a contractor for a company, I helped them with a lot of asset management issues and developed processes for them. Their manager, who had like 10 years of management experience, had like 10x10 frame of A+ in his office wall.
    I do not mind people wanting to exhibit their achievements but c'mon... 10 yrs management in IT and displaying A+ on your wall, cards, emails.
    This same person hired someone who had barely any experience as a network admin, as a "senior network admin" because he had CCNA. Spoiler alert, he had to hire someone else with more experience to manage the company's network. I asked him WTF, why hire someone without experience for a position requiring a lot of in-depth network skills? He said that he had CCNA and that was a very difficult certification. He assumed he had the skills.

    I finished my contract, delivered my sh1t and off I went to a new gig.
    meh

  20. The ceiling is glass. PJ_Sneakers's Avatar
    Join Date
    Nov 2014
    Location
    169.254.0.1
    Posts
    759

    Certifications
    AccessData, Cellebrite, CompTIA, EC-Council, IACRB, (ISC)², Microsoft, MSAB
    #44
    Quote Originally Posted by xxxkaliboyxxx View Post
    This is the main reason DoD Approved 8570 Baseline Certifications (http://iase.disa.mil/iawip/Pages/iabaseline.aspx)
    PS: How in the hell did CFR get on there LOL.
    I agree 100%. I attended an official CFR class, and it had nothing to do with IR. It was about as deep as Security+ and had a very short and inadequate section on forensics. The courseware had very little to do with being a first responder to a cybersec incident.

  21. Senior Member E Double U's Avatar
    Join Date
    Apr 2014
    Location
    The Netherlands
    Posts
    1,145

    Certifications
    CISSP, CISM, GCIA, GCIH, C|EH, and more.
    #45
    Quote Originally Posted by kurosaki00 View Post
    Their manager, who had like 10 years of management experience, had like 10x10 frame of A+ in his office wall.
    "Don't act like you're not impressed." - Ron Burgundy
    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson

  22. Senior Member
    Join Date
    Apr 2012
    Posts
    230

    Certifications
    A+, Security+, CCENT, C|EH, GCFE, GCFA, GREM
    #46
    Quote Originally Posted by DatabaseHead View Post
    If you have 5 years of security experience with a Security + and the CISSP or OSCP or something similar aren't you positioned to take off in the security field?
    Probably not. The idea that security is one field is a misconception. It is actually a number of distinct fields requiring diverse skill sets to perform in each one. People get multiple certifications in order to demonstrate proficiency in different fields.

    If someone applied to my SOC with Sec+ and CISSP they're not getting interviewed without significant directly applicable experience. A GCIA or GCFA, on the other hand, will almost automatically get an interview. When it comes to technical security roles, CISSP brings nothing to the table. If you follow the infosec Twittersphere at all, you'll note that #notacissp trends pretty hot, and a lot of folks have put it in their tag line. CISSP isn't exactly a negative bullet on a tech person's resume, but I do wonder what value calculation they made that made them decide to waste time getting it, rather than studying something that would improve their skills. That will get ferreted out in the interview.

    This isn't just to rag on CISSP. There are specific certs that are applicable to specific parts of the field, and indicate different levels of skill. Just having a four letter cert that starts with G isn't going to set you up to work wherever you want either. You need to have the right ones that demonstrate skill and training in the specific area for that job role. You could have OSCP, OSCE, GPEN, and GXPN, and still have no idea how to do lots of basic blue team things. (though you will have demonstrated that you know how to learn, which is REALLY important)

    The last thing I'd say is, as others have said, multiple certs demonstrates continuous study and improvement. In security that's more important than in many other areas of IT. Things in security change from week to week, or sometimes even day to day. Keeping up with the state of the art is very important to being able to perform the job. My org sends everyone to SANS at least once a year for this reason. This keeps everyone abreast with the latest and greatest tech and trends, and leads to racking up some certs.

  23. Senior Member
    Join Date
    Oct 2016
    Location
    NJ
    Posts
    312

    Certifications
    CCNP R&S, CCNA(Security/Data Center), PCNSE 7, MCITP: Exchange 2010
    #47
    While I'm pro cert, I'm tired of them at the same time. I always want to be learning something, but doesn't mean I need to certify to do it. There are times I feel that I'd learn more, if I wasn't studying something so specific. For instance, right now my plans are finishing the remaining 3 exams for CCNP Security and CISSP. Do I really need both? Probably not. I could probably get away with just the CISSP. If I did that, I could still study every day, but change it up often. Learn Cisco ISE one week, learn ethical hacking the next week, etc etc

  24. Senior Member xxxkaliboyxxx's Avatar
    Join Date
    Dec 2013
    Location
    Austin, Texas
    Posts
    408

    Certifications
    GCIH, C|EH, Sec+, eJPT, SCCC
    #48
    Quote Originally Posted by ramrunner800 View Post
    Probably not. The idea that security is one field is a misconception. It is actually a number of distinct fields requiring diverse skill sets to perform in each one. People get multiple certifications in order to demonstrate proficiency in different fields.

    If someone applied to my SOC with Sec+ and CISSP they're not getting interviewed without significant directly applicable experience. A GCIA or GCFA, on the other hand, will almost automatically get an interview. When it comes to technical security roles, CISSP brings nothing to the table. If you follow the infosec Twittersphere at all, you'll note that #notacissp trends pretty hot, and a lot of folks have put it in their tag line. CISSP isn't exactly a negative bullet on a tech person's resume, but I do wonder what value calculation they made that made them decide to waste time getting it, rather than studying something that would improve their skills. That will get ferreted out in the interview.

    This isn't just to rag on CISSP. There are specific certs that are applicable to specific parts of the field, and indicate different levels of skill. Just having a four letter cert that starts with G isn't going to set you up to work wherever you want either. You need to have the right ones that demonstrate skill and training in the specific area for that job role. You could have OSCP, OSCE, GPEN, and GXPN, and still have no idea how to do lots of basic blue team things. (though you will have demonstrated that you know how to learn, which is REALLY important)

    The last thing I'd say is, as others have said, multiple certs demonstrates continuous study and improvement. In security that's more important than in many other areas of IT. Things in security change from week to week, or sometimes even day to day. Keeping up with the state of the art is very important to being able to perform the job. My org sends everyone to SANS at least once a year for this reason. This keeps everyone abreast with the latest and greatest tech and trends, and leads to racking up some certs.
    You are 1 out of 100 hiring authorities that do not see it that way. CISSP is required by the contract or hiring agency to just get interviewed. In those cases, doesn't matter if you are a hacking child prodigy who hacked the national bank at 15 years old, but doesn't have a BS or CISSP, you won't get the interview.

    Commendable for your point of view, but just not valid for a lot of agency jobs or companies trying to work with the government in the US.
    Studying: LFCS
    Reading: Python Crash Course
    Upcoming Exam: GWAPT

    https://realworlditsecurity.wordpress.com

  25. Senior Member
    Join Date
    Apr 2012
    Posts
    230

    Certifications
    A+, Security+, CCENT, C|EH, GCFE, GCFA, GREM
    #49
    Quote Originally Posted by xxxkaliboyxxx View Post
    You are 1 out of 100 hiring authorities that do not see it that way. CISSP is required by the contract or hiring agency to just get interviewed. In those cases, doesn't matter if you are a hacking child prodigy who hacked the national bank at 15 years old, but doesn't have a BS or CISSP, you won't get the interview.

    Commendable for your point of view, but just not valid for a lot of agency jobs or companies trying to work with the government in the US.
    I definitely agree with you when it comes to the government and hiring agencies, I've observed it myself. We don't use recruiting agencies anymore for that reason. I think that those certs get you in the door for those jobs, which is why we don't throw away resumes with CISSP on them. You can't knock someone for doing what it takes to get past HR and through the hiring requirements. I'm not trying to say, don't go get your CISSP, but responding to OP's questions about being set for life once you get it, and why people would go seek more. My experience is also limited to large corporate industry, and we can pretty much hire who we want. In the government it's a whole different ballgame. (I used to work in government) That all being said, in my limited personal experience, the CISSP holders working at the analyst level in the SOCs/IR teams I have worked in have generally been less technically skilled, and prone to making poor technical security decisions. I am sure the reasons for those things are very complex, so YMMV.

  26. Senior Member
    Join Date
    Mar 2008
    Location
    Denver
    Posts
    111

    Certifications
    GXPN, GPEN, GCIH, CISSP, C|EH, CCNA, MCSE:S, MCSA, MCP, A+/N+/S+/L+/P+
    #50
    Quote Originally Posted by EnderWiggin View Post
    Having someone with a bunch of certifications and having a knowledgeable security team are not the same thing. It is entirely possible to learn technical skills without taking a multiple choice test afterwards.

    Your story also looks like it has nothing to do with certifications, and everything to do with leadership that didn't prioritize security.
    Agreed, leadership did not prioritize security. But that's a necessary component, not a sufficient one. Beyond prioritizing security various skill sets are needed to execute it. I completely agree that certifications are not necessary to having a knowledgeable and skilled security team. I will say that, having performed many technical interviews, people with multiple technical certifications correlate more reliably with better skills than people with no certifications at all, but that certainly is not always the case.

    More importantly, I think what the poster is alluding to is that there are many facets of security requiring diverse skills. Having certifications corresponding to those various skills is useful. Being certified in all of those various areas isn't necessary but it makes sense as it gives employers an indication that one has some baseline level of knowledge there. Individuals with backgrounds in multiple areas are especially valuable because they have an idea of how various components of security operations should work together.