Information Security Certifications……
June 22nd, 2008 Drazen Drazic Posted in Bad Stuff, Disclosure Laws, Research, WTF
At Securus Global (blatant marketing plug for all readers should you need our services), when I hire specialists to join the team, “certifications” to me, mean zip…nothing….zero! We get CVs all the time and we are in a proud and lucky position based upon our reputation that people want to work at SG! I feel honoured by that and every CV sent to us, makes me feel like SG, as an organisation, is somewhere, where real industry passionate dudes want to work!
If you’ve seen my latest stuff on Twitter, you will know that I am having a go at BS certification. (Yes, I know I do PCI DSS but you know my thoughts on that!).
Okay, now in a rare moment (as I hope most of you would acknowledge), I am taking a CEO, Practice Manager, Principal (or is it Principle) position here: I HAVE ZERO INTEREST OR CARE FACTOR ABOUT CERTIFICATIONS IN OUR INDUSTRY! Almost all the best guys I know have NO Certifications!
My point….in case you were wondering, and are still reading is….if you are going for a role and a “certification” is THE KEY criteria, that organisation has no clue, and if you miss out on the role, don’t feel bad about it! They probably were not for you!
Okay, I may upset a few people, but name me one [cert] that I would really want to have in my next hire over people I have in my pipeline and showing their “cert” would add any extra value to my organisation!
We’re in 2008 now and the IT Security industry is mature enough now not to need “bodies” to tell us what we need to be like and know to be able people in our industry! It’s all a wank!

June 22nd, 2008 at 1:58 am
This is a breath of fresh air to hear. Money and money is what makes this and professionals need to show this to people as credibility but decision makers have no idea and make decisions on who has a degree or certification. You have money….you look like a genius!
June 23rd, 2008 at 12:22 pm
Agree with you, certs are pretty useless in most scenarios. The only time I can think of (or have heard of) when they are useful/necessary is when giving evidence in court. For judges, juries, lawyers etc to be able to know this person is an EnCE/ACE or CEH and has a CISSP or whatever other TLA it might be, can lend weight to their evidence (this can be good and bad of course).
June 23rd, 2008 at 11:06 pm
Let my CISSP expire this month (which I got in San Diego of all places in 2002) after I managed to blag the recert last time i.e. 3 years ago I made up the CPE credits and paid my money. They were very helpful in re-certifying me.
Aside: I still have about 400 keywords in white print in all my CVs that allow for automated searches/indexing to pick up on. Personally I would like to see an infrastructure peep having worked in all areas and all disciplines, or the same for a coder… this would satisfy me more than any ‘cert’ even CCIE! Also, expressions of simplicity that are born of the knowledge and struggles with complexity go a long way in my book. The social side and ability to gain trusted status can never be underestimated also! (very hard to learn retrospectively!) Tech changes, people don’t!
When are you opening the Melbourne office?
June 24th, 2008 at 11:40 am
@D2, there’s times where the knowledge learned going through the process is good. I acknowledge that. For new people wanting to come into the industry, the study materials for some of the certs are really good - good foundation knowledge upon which to build up specialisations, business awareness etc. I wouldn’t even discourage people taking on some of the more well known global certs because I know many decision makers will look for this on CVs as a key requirement. Just for me, it does nothing.
Re: Melbourne - working on it! Soon I hope!