  1. Senior Member
    Join Date
    May 2016
    Posts
    1,647
    #1

    Why so many certifications for the security field?

    Correct me if I am wrong....

    So I can see this scenario.

    You get an entry level certification to begin branding yourself as entry level security, looking to break into the field. Security+

    You work 2 - 5 years doing your low level role and now you want to become a "pro". You get your CISSP or maybe one of those upper level pen testing certifications. Seriously.... If you have 5 years of security experience with a Security+ and the CISSP or OSCP or something similar, aren't you positioned to take off in the security field?

    Here is where I get confused, why do a lot of you get 8+ certifications as a professional? Project management for instance isn't like this. At MAX you would get 4 certifications, PMP, CSM, ITIL (for service management) and maybe Six Sigma, that would be TOPS (sorry left out PRINCE2, so replace one of the others). Still over the course of a project management professional (let's say 10 years), you only need to get 4 certifications to keep up with the Joneses.

    But security is a different beast or so it seems. You have sooooo many certifications it has become ridiculous. Almost a joke from the outside looking in. Of course I say this with the utmost respect, knowing from you all that a lot of these are VERY challenging which makes it even more perplexing.

    Can someone shine some light on this? It seems security has surpassed systems and networking, and I'll be honest. In "real" life I know very few system guys with certifications, most of them had A+ many moons ago and it never expired and they still keep it as a badge of honor of sorts. But once they get into the Unix/Linux/MS infrastructure ranks you don't see certifications that much. ***I've worked in 3 Fortune 500 companies and even managed an infrastructure team for a short period of time. So my visibility into this has been from multiple angles.
    Last edited by DatabaseHead; 07-13-2017 at 02:57 PM.

  3. Pancakes and Lasagna kurosaki00's Avatar
    Join Date
    Nov 2008
    Location
    Indianapolis
    Posts
    943

    Certifications
    CCENT, A+, Network+
    #2
    Why so many colleges? private colleges? private "education" institutions? $$$$$$$$$$$$$$$

  4. Senior Member
    Join Date
    Feb 2015
    Location
    The Interwebs
    Posts
    156

    Certifications
    PMP, CISSP, CISA
    #3
    There's so many because each tool/vendor has come out with their own: AWS, Google, Microsoft, F5, Splunk, Palo Alto, Solarwinds, etc.

    Then there are all the vendor neutral ones: SANS, ISC2, ISACA, CompTIA, etc.

    It's fragmented but obviously there's a market for it and employers ask for specific skillsets and those certification bodies pop up new focuses/certs to fill those needs. Technology is constantly changing and evolving and so is the security cert market.

  5. Tecnomancer trojin's Avatar
    Join Date
    May 2013
    Location
    Ireland
    Posts
    121

    Certifications
    A+,S/S/S+,N+, CASP,CSA+,CCNA R/S & Sec & Cyber OPS, SSCP,EMC NetWorker Spec,SNIA SCSE,Prince 2,EITCA-IS,F5 BIG-IP CA/CTS-ASM, Intel Sec NSP
    #4
    Vendor neutral vs vendor oriented certs. Other story is different security jobs: network security, pentesting, SOC analyst, sec management. It's hard to find one cert or vendor covering all areas of interest.
    Good horse is expensive... A Trojan horse even more

  6. I drink and I know things Ertaz's Avatar
    Join Date
    Jan 2006
    Posts
    673

    Certifications
    CISSP, CASP, CSA+, GPEN, CCNA Cyber Ops, Security+, MCP
    #5
    Quote Originally Posted by DatabaseHead View Post
    Correct me if I am wrong....

    So I can see this scenario.

    You get an entry level certification to begin branding yourself as entry level security, looking to break into the field. Security+

    You work 2 - 5 years doing your low level role and now you want to become a "pro". You get your CISSP or maybe one of those upper level pen testing certifications. Seriously.... If you have 5 years of security experience with a Security+ and the CISSP or OSCP or something similar, aren't you positioned to take off in the security field?

    Here is where I get confused, why do a lot of you get 8+ certifications as a professional? Project management for instance isn't like this. At MAX you would get 4 certifications, PMP, CSM, ITIL (for service management) and maybe Six Sigma, that would be TOPS (sorry left out PRINCE2, so replace one of the others). Still over the course of a project management professional (let's say 10 years), you only need to get 4 certifications to keep up with the Joneses.

    But security is a different beast or so it seems. You have sooooo many certifications it has become ridiculous. Almost a joke from the outside looking in. Of course I say this with the utmost respect, knowing from you all that a lot of these are VERY challenging which makes it even more perplexing.

    Can someone shine some light on this? It seems security has surpassed systems and networking, and I'll be honest. In "real" life I know very few system guys with certifications, most of them had A+ many moons ago and it never expired and they still keep it as a badge of honor of sorts. But once they get into the Unix/Linux/MS infrastructure ranks you don't see certifications that much. ***I've worked in 3 Fortune 500 companies and even managed an infrastructure team for a short period of time. So my visibility into this has been from multiple angles.
    First, you shut your mouth when you're talking to me database boy.

    Second, to answer your question, there is no monopoly on security technology. Where MS and Oracle are the big players in the RDBMS world, there are constant changes in the players and technologies in the security field. You're mainly learning a methodology in most of these certifications. The upside is that you get an understanding of a lot of technologies along the way, the downside is useless crap that fills your head (Twofish vs AES anyone? https://en.wikipedia.org/wiki/Twofish ). I'm guilty of trying everything to figure out where my niche is.

  7. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    56

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN, OSCP
    #6
    Because there is a lot to learn.

  8. Senior Member
    Join Date
    May 2016
    Posts
    1,647
    #7
    Quote Originally Posted by Hornswoggler View Post
    Because there is a lot to learn.
    Isn't that the case in IT in general?

    @Ertaz

    Wow, my manager this morning and now you!

  9. I drink and I know things Ertaz's Avatar
    Join Date
    Jan 2006
    Posts
    673

    Certifications
    CISSP, CASP, CSA+, GPEN, CCNA Cyber Ops, Security+, MCP
    #8
    Quote Originally Posted by DatabaseHead View Post
    @Ertaz
    Wow, my manager this morning and now you!
    That's how you know you're challenging them. There's nothing wrong with a little adversarial dialogue every now and then.

  10. Senior Member
    Join Date
    Apr 2013
    Posts
    1,942
    #9
    Quote Originally Posted by DatabaseHead View Post
    Isn't that the case in IT in general?
    Yes, and security is about as wide as all of IT. "I'm in security" can mean anything from someone who does cloud access, to someone else who does only auditing and policy, to someone else reverse engineering malware, it's all over the map. A PM can do more focused training, looking at ALL the security certs isn't really a fair comparison. If you said pen testing for example you might say, oh they have the OSCP, and maybe something a little more general like a CCNA just to show other skills, and they're good. They don't need the CEH (for smart hiring managers anyway), the eLearnSecurity ones, SANS GPEN, etc. If you're into forensics, maybe a SANS cert and something vendor specific like EnCase and you're likely good to go as well.

  11. Senior Member
    Join Date
    Oct 2010
    Location
    NATTED to nowhere!
    Posts
    508

    Certifications
    S+, N+, CEH, CSSLP, CISSP, CGEIT, CCSA, CCNA, CRISC, CASP, RHCSA, RHCE, CBE, GCIH
    #10
    DatabaseHead,

    A great deal of us Infosec folks come from IT Administration where we are jack of all trades. We may grab some MCSE, Cisco, Juniper, Linux, or RedHat certification.
    When someone obtains a Vendor Neutral certification, he/she is required to maintain that credential with CPEs. 40 CPEs a year are needed. One week of training will cover the CPEs. The mindset is changed to always learn because of how the credential is maintained and the constant change within Infosec. Most people do not choose to take the exam over every 3 years because it is a pain and easier to obtain additional training.
    Last edited by bigdogz; 07-13-2017 at 04:40 PM.

  12. I drink and I know things Ertaz's Avatar
    Join Date
    Jan 2006
    Posts
    673

    Certifications
    CISSP, CASP, CSA+, GPEN, CCNA Cyber Ops, Security+, MCP
    #11
    Quote Originally Posted by bigdogz View Post
    DatabaseHead,

    A great deal of us Infosec folks come from IT Administration where we are jack of all trades. We may grab some MCSE, Cisco, Juniper, Linux, or RedHat certification.
    When someone obtains a Vendor Neutral certification, he/she is required to maintain that credential with CPEs. 40 CPEs a year are needed. One week of training will cover the CPEs. The mindset is changed to always learn because of how the credential is maintained and the constant change within Infosec. Most people do not choose to take the exam over every 3 years because it is a pain and easier to obtain additional training.
    This. Now I'm looking at going technical with an MCSE/CCNP/OSCP over the next 3 years.

  13. Passion For IT
    Join Date
    Mar 2008
    Posts
    595

    Certifications
    MCTS, MCITP, MCP, A+, Server+, Security+, Project+, CCENT, CCNA-Sec, CEH, CHFI
    #12
    In addition to the security field being huge, it's also because the demand is increasing. There are a lot of people wanting part of that security cert pie. Get a cert out there, get some recognition, and more people will take that exam, bringing in more money. It's a for profit gig for them. Some are worth more in the workforce, and others are resume points... others are a laughable thing, but if it's in a job listing it's probably worth it if you want that job.
    A few certs here and there and everywhere...
    AAS: Computer Security
    BS: Information Technology - Security (WGU)
    MS: Information Security & Assurance (WGU)

  14. Senior Member
    Join Date
    Oct 2010
    Location
    NATTED to nowhere!
    Posts
    508

    Certifications
    S+, N+, CEH, CSSLP, CISSP, CGEIT, CCSA, CCNA, CRISC, CASP, RHCSA, RHCE, CBE, GCIH
    #13
    Quote Originally Posted by Ertaz View Post
    This. Now I'm looking at going technical with an MCSE/CCNP/OSCP over the next 3 years.
    Good Luck Ertaz !!!

  15. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,363

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #14
    Because we live in a credentialist world; everyone wants to get into the new cool thing...smart companies will release certs to make profit..why not

    I find it a bit odd coming from a Unix background where no one gave a damn about certs


    Remember when IT was the new cool thing and everyone wanted an MCSE/A+/CCNA?
    Goal: GCFA (DONE), GPEN

  16. Senior Member
    Join Date
    Jul 2015
    Posts
    458
    #15
    In project management, there is usually a requirement for at least a bachelor's degree, which means roughly forty classes completed. In IT, degrees typically aren't required. Certifications are about equal to one college class though, in that you study for a while, then pass one test. It really just validates you have knowledge, in a similar way that other fields do so with degrees.

  17. Senior Member
    Join Date
    May 2016
    Posts
    1,647
    #16
    Quote Originally Posted by UnixGuy View Post
    I find it a bit odd coming from a Unix background where no one gave a damn about certs
    In your experience, your peers in the Unix field didn't care about certifications? If so that is what I found as well, not that I am worth a dang at Linux/Unix but working hand in hand with these folks, it was like once they locked into Unix/Linux that was it and certifications had no place.

    Sorry just wanted to follow up with you in regards to this, I find it interesting.

  18. Senior Member
    Join Date
    Oct 2010
    Location
    NATTED to nowhere!
    Posts
    508

    Certifications
    S+, N+, CEH, CSSLP, CISSP, CGEIT, CCSA, CCNA, CRISC, CASP, RHCSA, RHCE, CBE, GCIH
    #17
    Most Unix people do not care about the certs. I also know a great deal of people who know unix that have a great deal of certifications (mainly infosec) and don't have the certs. It's just a different set of folks.

    When everyone wanted their MCSE and CCNA, there was no certification for Unix. If you knew Unix, you were not questioned. If you said you knew Unix and didn't, you were found out quickly and out on the street.

    I am certified because I work for an MSP. This is just to help our company with discounts on sales and priority on support.
    Last edited by bigdogz; 07-14-2017 at 03:14 PM.

  19. Senior Member CryptoQue's Avatar
    Join Date
    May 2017
    Location
    US
    Posts
    192

    Certifications
    MBA, BSIT, PMP, CISSP, CCNP, CCDP, CCNA, CCDA, CCENT, NET+, SEC+
    #18
    The information security field is just scratching the surface and will continue to evolve as businesses are now ensuring it's incorporated into their business strategies. 10 years ago, there were 75% less security related hacks, leaks, and vulnerabilities. In today's world, everyone must be connected to their cell phone, social media, online banking, smart home devices, etc. All of these systems are vulnerable to security attacks. Certain fields like Project Management may change some over the years, but the core emphasis is still the same. A person that has 20 years of project management experience can still be relevant in today's job market without having PMP certification. However, someone with 20 years of IT experience and no certifications can easily be beat out of a job by a person with 5 years of experience and 5 top tier IT certifications. I'm not saying that someone should go get 25+ certifications, but having relevant certifications to your field is extremely helpful for InfoSec professionals in today's market.

  20. Senior Member
    Join Date
    Oct 2010
    Location
    NATTED to nowhere!
    Posts
    508

    Certifications
    S+, N+, CEH, CSSLP, CISSP, CGEIT, CCSA, CCNA, CRISC, CASP, RHCSA, RHCE, CBE, GCIH
    #19
    That person with 20 years of IT may look to be inactive or stale even though they are working on new technology. The companies now are looking for those certifications. The motivated person with the certifications will emerge the winner.

  21. Senior Member CryptoQue's Avatar
    Join Date
    May 2017
    Location
    US
    Posts
    192

    Certifications
    MBA, BSIT, PMP, CISSP, CCNP, CCDP, CCNA, CCDA, CCENT, NET+, SEC+
    #20
    Agreed bigdogz. Having certifications shows employers that you're a continuous learner.

  22. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,619
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #21
    From the opposite perspective, there is no ethical requirement to publicize the certifications that you have earned. Getting all the certs you want and not telling anybody is fine too.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  23. I drink and I know things Ertaz's Avatar
    Join Date
    Jan 2006
    Posts
    673

    Certifications
    CISSP, CASP, CSA+, GPEN, CCNA Cyber Ops, Security+, MCP
    #22
    Quote Originally Posted by JDMurray View Post
    From the opposite perspective, there is no ethical requirement to publicize the certifications that you have earned. Getting all the certs you want and not telling anybody is fine too.
    Never thought about buying a pageant dress just to wear it around the house. One could, I suppose...

  24. Senior Member
    Join Date
    Mar 2008
    Location
    Denver
    Posts
    119

    Certifications
    GXPN, GPEN, GCIH, CISSP, C|EH, CCNA, MCSE:S, MCSA, MCP, A+/N+/S+/L+/P+
    #23
    It's likely because "the security field" is a much bigger animal than you think.

    https://taosecurity.blogspot.com/201...-mind-map.html

  25. Senior Member
    Join Date
    Apr 2017
    Posts
    325
    #24
    Some people are fortunate to have employers who push training down their throats and want them to be certified. Hell, I wouldn't pass up those opportunities either.

  26. Senior Member
    Join Date
    Oct 2010
    Location
    NATTED to nowhere!
    Posts
    508

    Certifications
    S+, N+, CEH, CSSLP, CISSP, CGEIT, CCSA, CCNA, CRISC, CASP, RHCSA, RHCE, CBE, GCIH
    #25
    Quote Originally Posted by Ertaz View Post
    Never thought about buying a pageant dress just to wear it around the house. One could, I suppose...
    Maybe one could wear the dress when looking for a new job that could be more challenging and make more $$$ so in time you could buy another dress.
