Slashdot Mirror
What Certifications are Valuable in Today's IT?
ganjadude asks: "I am a twenty-something who took the CCNA classes back in 2001. College at the time was not an option, so I am mainly self-taught in the field. I was wondering if there were others on Slashdot who took this route, and what certifications they have found will best further their careers. Does college matter in the security field anymore, or are certifications the way to go?"
What certifications would you recommend as the most pertinent in today's IT market?
- Certified Information Systems Security Professional (CISSP)
- Oracle Certification Program
- Sun's Java Certification Levels
A few things I can tell you to steer clear of is Microsoft Certified Solutions Developer or Microsoft Office Power User. In my workplace, all I hear is people making fun of those certifications over and over and over again. I don't know if they are jokes but from what I hear, it's a stupid idea to pay for them.I think in order to get good answers from people, you need to break down what division IT is. I know the CISSP is very important to my employer due to a lot of our apps requiring major security. If you're a glorified secretary making powerpoints with click-actions then maybe "Microsoft Office Power User" is right down your alley? What job are you looking for? IT is a HUGE and now diverse term. It could mean everything from networks to programming to simply moving hardware.
That's a shame, with a name like 'ganjadude' I think you would have enjoyed college quite a bit.
My work here is dung.
These: http://www.sun.com/training/certification/
A good university degree should help you to learn and reason, and will teach you stuff you don't want to learn but that will later turn out to be useful.
:-)
In some jobs, especially in larger companies, there's a ceiling, you can't be promoted above a certainl level without a degree.
And yes, if you want to be a consultant, the contacts and the prestige of being associated with a well-known university are worth an awful lot, like it or not.
In computer security you need to stay ahead. Certifications use a course curriculum which was set maybe a year, two years, even three or more years ago and updated; with a certification you'll always be behind the curve, ever so slightly. You need to learn how to be on top of reasearch, be comfortable reading research reports and know how to follow and understand citations. So there's a whole cultural thing that you may need to be part of.
Yes, all if this is vague and hazy, and all of it is long term. By the time there's a concrete need for it, by the time you lose out on a contract or are passed over for promotion, and realize you needed a degree, you won't have one
Live barefoot!
free engravings/woodcuts
= 7.50/hr job at Staples and moving back in with my parents. This was back in 2001 when the .com crashed and I had to compete with everyone with years and years of experience who were laid off.
Also I had no job experience in IT at the time and didn't go to college. I figured the certifications would be a way to enter the field yet I was wrong.
I am older now with some college as I continue to go back to school and the labor market is improving. With minimal certifications you can work at geeksquad or some help desk position for as much as $14/hr today to start out. I now repair computers but this came after a few years of taking bad jobs and getting my associates. But get your degree if you want to go anywhere. Colleges today have a record number of students in them compared to the past. Employers are taking note and requiring degrees for everything. The babyboomer generation only had %24 of those with 4 year degrees. Today generation Y has %70+ attending college!
http://saveie6.com/
(Note and disclaimer: I am not a security pro. I am a system administrator, and hold an RHCE. I also have a college degree, although I took a good long time to finish it up.)
The CISSP is pretty much considered the gold standard of security generalist certifications. CISSPs rarely hurt for jobs for long.
If you're interested in something Linux related, you may want to look at Red Hat's Certified Security Specialist program. To get it, you need to complete the RHCE first (which looks good on a resume in and of itself), followed by an additional three exams covering network security, distributed authentication, and SELinux. Each exam is offered by itself, or on day five following a 4-day intensive course. Not exactly for the faint of heart, though, so if you're focusing on network level security without a lot of system administration, you'll probably want to give it a miss.
In my experience, it depends on what your prospective employers are looking for.
Me, I'm a UNIX admin with a MS in Engineering, no certifications and completely self taught. I've never (knock on wood) been out of a job, and right now I'm working with a bunch of people who put more value on what I could do and how I worked with a team than what certifications I (don't) have.
A friend of mine is a great Windows admin. He knows his Active Directory stuff well and all the arcane Exchange best practices like the back of his hand. He has multiple MS certs and works in a shithole. The last place he interviewed at, everybody on the team loved him but when his resume got to the VP he threw it away because he doesn't have a college degree. Threw it away. Over the objections of all the people who actually talked to him.
So, given that, gather a few of the cheaper certifications you can to get your foot in the door with the ignorant. They won't impress people who really know what the story is, but it will get you in the door to talk to them and impress them with what you really know.
Personally I never had a desire to go to college. I started working at an ISP when I was 15 due to my desire to learn, not to mention Linux experience. I've had my share of crappy IT jobs working at a repair shop, or what have you. However all of that served as a good learning experience. I am 22 and currently hold a CCNA and MCP (I only did MCP because my ex-employer had an MCSE and I bet him I could pass an MCP without studying, and I won) I currently work in an environment where everyone else has a bachelor's or better. I'm a Network Engineer, dealing in a large enterprise Cisco network, I make about 25/hour when you break it all down without ever setting foot in a college. I'm not saying a degree is not the way to go, but it's not the only way to go.
In a world of acronyms, the words are the real victims.
Have any or all of them and $0.75 and you might be able to buy a cup of coffee at 7-Eleven. Seriously, I have a few, didn't pay for them myself, and wouldn't ever pay my own money for them, nor would I pay for one of my employees to go waste time there.
If you missed the Dilbert about, 'I summon the powers of certification'... go find it, it hit this right on the nose.
Hands on, reading the f*ing manual, figuring it out in YOUR network situation, calling tech support, etc. is better, cheaper and more worthwhile than any certification you could pay for. Those classes just digest the manual for you, then give you a few brief labs on basic stuff that you will need to modify, extend, get help to do, back at your office anyway.
-=Marz
The only people I know who get certified are those who feel they need something to prove they can walk the walk. This usually comes out when you ask then to talk the talk. Mainly a certification only helps those who need help; those who know what they are talking about and know what they are doing rarely get certification and generally don't need them. At least this is from all the interviews I have been in. It's usually experience that is the big qualifier and not certifications.
This is my sig. There are many like it but this one is mine.
I have no certs but here is what I find:
Certs are a nice bump when the guy looking doesn't know what they need at all. College is useful b/c it shows you can complete a long term project. Good professional projects are their own certification (another reason I like project work). Being able to speak lucidly on working X problems through with Y technology and Z constraints is the most useful point to any employer and many will recognize that.
That said, if you don't know what you want to do, certs show that you know the domain of a technology. MS certs are not as useless as they used to be and are probably the most marketable. Just, never, never, never put your certifications at the top of your resume. As a rule of thumb, if the certs are the thing you are most proud of, I don't need to read the rest.
Most of these posts are utter nonsense. If you have a college degree, even if it's not in the branch of technology that you're applying for, and even if you didn't go to the best college, it doesn't matter what certifications you have. The only thing that matters is WHO you know.
If you have been friendly to recruiters, to professors, and to peers/colleagues, then one of them will suggest you for a job, and you will get it, no matter how unqualified you are. I speak from experience. Why?
Because a smart person can be trained to do anything, but a jerk will always be a jerk (for the most part). If an employer can find out that you aren't a jerk ahead of time, then you're gravy.
I worked as musician when I came out of a good college with my CS degree. I finally broke into CS because the guy I was interviewing with happened to have been a poker buddy of my father's ... 15 years ago. Major coincidence, but since my father had a good rep, he thought that I would be ok too. In less than 2 years following that, my salary went up by $15k.
So, quit worrying about your certification, nerds. Worry about your people skills.
burrocrisy
and that would be what? Ruling by jackasses? Never has a slashdot misspelling been more apropos
I am a 30 something, who started in the field in '86 while still in high-school. Everything I know is self-taught. Experience is the key. Too many short term memorizations have made certifications not worth the paper they are printed on.
List your experiences, and areas on knowledge.
In most cases that's as good as or better than college / certifications. If someone out there won't even interview you because you don't have a college degree, or certifications, then they are an idiot, and you wouldn't want to work for them anyway.
I've been continuously employed in enjoyable and enriching positions (2 for the entire 20 year period). It took me all of 3 days to find a new position when I tired of the old company.
Who is general failure, and why is he reading my hard drive?
You obviously don't know what the CISSP is. It is not a technical certification, it is aimed at people who are interested in risk assessment, security management, and such. So people doing a CISSP are very likely to already be part of the management.
The certification process is far more complicated than you seem to think. First of all, just to qualify for the exam you need to have a proven 4-year experience in IT security (or 3-year + college degree). Then if you pass the exam, which is not that easy, you still have to go through an interview where your professional experience is validated by people who are not that easy to bullshit. You also need to provide some kind of credentials or endorsement. It's a serious business.
So knowing the difference between a rootkit and spyware might be interesting in a very small segment of the certification process. But the actual requirement is to master the ISO-19977 guidelines, and to have a proven track record in information security management.
lucm, indeed.
More knowledge and skills is just about always a good thing, but to most technical managers that have been doing their job long to have lived throught at least one failed project, knows that actually experience is worth more.
The next most important thing is to understand the hiring process. If you are employed, look at the process itself about how you got hired, and how they hire others in the IT department. HR people hire differently than a IT manager, start-ups have different priorities than Fortune 500 companies. For a resume to get past a HR desk on an advertised job, realise it is one of hundreds if not thousands of resumes in the pile. The first cut is a broad quick cut intended to weed out the random and boiler plate submissions. Most IT managers want to look at no more than 20-50 resumes to make their own short list of who to interview. If you get an interview in my experience it tends to come down to making sure you did not lie, and seeing if you would be a good fit with the existing staff and manager. I've seen good candidates not hired because they were more like a hippie and the group had a bunch of ex-military employees already, so the manager wasn't confident that they would gel. A 40 year old security expert with a MBA may be past over by a 32 year old security manage who is self-taught, if he feels his job security threatened.
I prefer (4 year) university degrees for two reasons: a) commited 4 years to learning about one subject, this weeds out a lot of people who just expect to be paid lots of money because they say they are in IT - for a career level job I want someone with a passion for technology. b) They have more general (theorical) knowledge which makes migrating to new technology easier / quicker for because in my experience they have a better understanding of the foundations of what the change is about, and are more experienced at learning as a skill onto itself. The candidate is not as limited to button-ology style learning. Neither of these are exclusive to university education, but in my own experience more frequently found in someone with a four year degree in Computer Science or similar area (Math, Physics, Pre-Law, Philosophy, Music, Engineering).
For a computer security career, I would seriously recommend a degree, because it is a rapidlly changing field, including some programming experience, some business or management knowledge / skills, and you need on-the-job IT experience to form a well tuned BS detector (from vendors, managers, users, and infrequent attackers).
For certificates, look at the SANS' various certs for an idea of what people are looking for, but whether they are worth the cost is another question I can't answer.
...seem to prefer certification of residency in India or China. And they're willing to pay accordingly.
We are the 198 proof..