What Certifications are Valuable in Today's IT? 185
ganjadude asks: "I am a twenty-something who took the CCNA classes back in 2001. College at the time was not an option, so I am mainly self-taught in the field. I was wondering if there were others on Slashdot who took this route, and what certifications they have found will best further their careers. Does college matter in the security field anymore, or are certifications the way to go?"
What certifications would you recommend as the most pertinent in today's IT market?
A Few to Note (Score:5, Informative)
- Certified Information Systems Security Professional (CISSP)
- Oracle Certification Program
- Sun's Java Certification Levels
A few things I can tell you to steer clear of is Microsoft Certified Solutions Developer or Microsoft Office Power User. In my workplace, all I hear is people making fun of those certifications over and over and over again. I don't know if they are jokes but from what I hear, it's a stupid idea to pay for them.I think in order to get good answers from people, you need to break down what division IT is. I know the CISSP is very important to my employer due to a lot of our apps requiring major security. If you're a glorified secretary making powerpoints with click-actions then maybe "Microsoft Office Power User" is right down your alley? What job are you looking for? IT is a HUGE and now diverse term. It could mean everything from networks to programming to simply moving hardware.
That's a shame, with a name like 'ganjadude' I think you would have enjoyed college quite a bit.
Easy (Score:3, Informative)
Yes, college still matters (Score:5, Informative)
In some jobs, especially in larger companies, there's a ceiling, you can't be promoted above a certainl level without a degree.
And yes, if you want to be a consultant, the contacts and the prestige of being associated with a well-known university are worth an awful lot, like it or not.
In computer security you need to stay ahead. Certifications use a course curriculum which was set maybe a year, two years, even three or more years ago and updated; with a certification you'll always be behind the curve, ever so slightly. You need to learn how to be on top of reasearch, be comfortable reading research reports and know how to follow and understand citations. So there's a whole cultural thing that you may need to be part of.
Yes, all if this is vague and hazy, and all of it is long term. By the time there's a concrete need for it, by the time you lose out on a contract or are passed over for promotion, and realize you needed a degree, you won't have one
security related certifications (Score:3, Informative)
The CISSP [isc2.org] is pretty much considered the gold standard of security generalist certifications. CISSPs rarely hurt for jobs for long.
If you're interested in something Linux related, you may want to look at Red Hat's Certified Security Specialist program [redhat.com]. To get it, you need to complete the RHCE first (which looks good on a resume in and of itself), followed by an additional three exams covering network security, distributed authentication, and SELinux. Each exam is offered by itself, or on day five following a 4-day intensive course. Not exactly for the faint of heart, though, so if you're focusing on network level security without a lot of system administration, you'll probably want to give it a miss.
Re:A Few to Note (Score:3, Informative)
Re:A Few to Note (Score:5, Informative)
Having said that, the credentials open up a lot of doors to interviews. However, once you get the interviews, you still have to prove the work experience and knowledge. The only places that accept credentials without verifying knowledge are companies I do not want to work for.
Bottom line: Certifications help you to rise to the top in the first cut. Work experience, personal skills get you through the second cut. In depth knowldge gets you the job. Business skills get you the promotions.
Ignore the certs if you want, but you'll have a harder time getting the interviews.
Re:A Few to Note (Score:4, Informative)
Such billing differentials may or may not roll down to your salary.
They're only important to you as a CONsultant because you're less likely to have to burn bench time if you've got more certs, because you can be placed in different roles on different projects.
Re:CISSP (Score:3, Informative)
The certification process is far more complicated than you seem to think. First of all, just to qualify for the exam you need to have a proven 4-year experience in IT security (or 3-year + college degree). Then if you pass the exam, which is not that easy, you still have to go through an interview where your professional experience is validated by people who are not that easy to bullshit. You also need to provide some kind of credentials or endorsement. It's a serious business.
So knowing the difference between a rootkit and spyware might be interesting in a very small segment of the certification process. But the actual requirement is to master the ISO-19977 guidelines, and to have a proven track record in information security management.
Knowledge is power, but experience is golden (Score:3, Informative)
The next most important thing is to understand the hiring process. If you are employed, look at the process itself about how you got hired, and how they hire others in the IT department. HR people hire differently than a IT manager, start-ups have different priorities than Fortune 500 companies. For a resume to get past a HR desk on an advertised job, realise it is one of hundreds if not thousands of resumes in the pile. The first cut is a broad quick cut intended to weed out the random and boiler plate submissions. Most IT managers want to look at no more than 20-50 resumes to make their own short list of who to interview. If you get an interview in my experience it tends to come down to making sure you did not lie, and seeing if you would be a good fit with the existing staff and manager. I've seen good candidates not hired because they were more like a hippie and the group had a bunch of ex-military employees already, so the manager wasn't confident that they would gel. A 40 year old security expert with a MBA may be past over by a 32 year old security manage who is self-taught, if he feels his job security threatened.
I prefer (4 year) university degrees for two reasons: a) commited 4 years to learning about one subject, this weeds out a lot of people who just expect to be paid lots of money because they say they are in IT - for a career level job I want someone with a passion for technology. b) They have more general (theorical) knowledge which makes migrating to new technology easier / quicker for because in my experience they have a better understanding of the foundations of what the change is about, and are more experienced at learning as a skill onto itself. The candidate is not as limited to button-ology style learning. Neither of these are exclusive to university education, but in my own experience more frequently found in someone with a four year degree in Computer Science or similar area (Math, Physics, Pre-Law, Philosophy, Music, Engineering).
For a computer security career, I would seriously recommend a degree, because it is a rapidlly changing field, including some programming experience, some business or management knowledge / skills, and you need on-the-job IT experience to form a well tuned BS detector (from vendors, managers, users, and infrequent attackers).
For certificates, look at the SANS' various certs for an idea of what people are looking for, but whether they are worth the cost is another question I can't answer.
Re:MCSE + A+ (Score:1, Informative)