Certifications serious debate

TonyTruong101

Hey Guys,

A little background information about my situation:

I have been working at a small company with about 100+ end users ranging from the field to the office where i spend most of my time. I am the main contact for help desk technician expected to resolve any troubleshooting requests involving our IT related equipment but i am currently not certified in any formal way. I was on my way to complete the CompTia A+ when I started reading more posts on techexams regarding CompTia Certs.

I read that CompTia is mainly for beginners without experience working with computers. I've been around computers since XP self taught, nothing technical and I've only been working with a Windows 2008 R2 Active Directory SBS environment for the last 3 years. But even then it was mainly adding and removing users , Setting up and editing exchange mail server so basic AD stuff. I also am a trainer for the company I work at as I am fairly comfortable speaking to strangers and training them to use IT related equipment.

What my issue is I read that CompTia certs have no worth especially the A+ I desperately want to get in the door with InfoSec. Should I skip the A+ entirely and go straight into Security +?

Also what job titles should I be looking at with my current experience.. I know it can't be much and I probably won't get into any IT security job without some sort of validated experience I just want to grow beyond my help desk role and advance further in my career but at this current moment I have no idea how to go about it.

EDIT:

I guess part of the reason also as to why I am confused is that currently I feel my IT director at my Small company is taking advantage of the fact I'm technical enough to follow his directions so i could do all of his work if he would have to leave for vacations (Which is very often) and after speaking with him about possible certifications or additional resources to learn from to benefit the company more. He just replies that "You posses everything you need to know at this company, and the company won't pay for you to go get more educated" even though I have stated I will pay out of my own pocket without reimbursement. He still is adament I am okay. But I'm not I want to grow as an IT individual.

N2IT

Depends

A+ isn't a bad certification to be honest. HR still eats it up, so you may want to remain on the A+ track. (May is the key word)

Not sure about the security certifications, but if you are interested in that side of IT I would consider getting a security certification, just one (until you get a job). Others on here can help with that.

I know several guys from the help desk back in the day who transitioned to security with 0 certifications. They basically brute forced their way in through relationship management with the other teams.

If you like A+ I go for it, if not skip it and look for something security related. CEH, SSCP, Security + are some people talk about on here. You may want to research those.

Also you may meet certain requirements for some of the higher end security exams if you manage access control or other domain security roles. Check with the pro's on this site.

goatama

So if you want to make yourself more valuable in your current position, an A+ is certainly worth it. It's not for beginners with no experience, and is definitely the first cert I recommend to anyone. I've worked with several folks who try to fake it in support roles and it's pretty obvious when they don't have the basic troubleshooting skills an A+ will teach you.

Security+ is good, but you still need a foundation. Unless you just want to go all theory, but people who know what they're doing are going to know you don't know what you're talking about and you'll likely get called out on it.

InfoSec isn't really a starting point, it's something you build to, at least that's been my experience. The most effective security folks are the ones who have been in the trenches and know what they're looking at. It's kind of hard to tell if malware is affecting your system if you don't know the ins and outs to begin with. What looks like a virus could just be improper settings. Same goes for intrusion detection, how do you know what to look for if you have no experience with what it should normally look like?

Just my $0.02.

LeBroke

Skip the A+ entirely. An MCSA in Server 2008 or 2012 would be extremely helpful for you to both increase your knowledge, and validate your experience.

Not sure whether Sec+ is worth it for you. If you're in the US, in an area with a lot of government contracts (i.e. Washington DC), it's very much worth it. If you're other places, skip it, get an MCSA, and then dive straight into hardcore security certs.

srabiee

With several years of professional IT experience under your belt, the A+ is likely not going to help you all that much at this point.

The Security+ would certainly be a better choice if you want to pursue the infosec path. However, the sooner you can move away from CompTIA and focus on vendor-specific certs, the better. Even CompTIA's own CASP certification isn't considered to be all that useful.

As far as your other questions and concerns go, it would be very helpful if you could post your actual updated resume.

bpenn

Do you have any experience in your current job performing anything related to security? Do you work with ASA's, HBSS, etc.? If so, you can tailor your resume to an info sec related job and use that specific experience you have acquired.

I would skip A+ entirely at this point. Look towards Security+ and then maybe CISSP, if you meet at least 2 of the 8 required domains. Also, how long have you been in IT?

TonyTruong101

Thanks for the quick replies guys.

@LeBroke I actually went in at my local institution to get a couple crash courses in windows AD to challange the MSCA. I started the first half of it and was suppose to go back this year to finish but without financial support of my current employer plus diminished hours (average only 20hrs/wk) I can barely afford to pay for schooling but still eager to take chances whenever I can. I might take a loan and finish the courses at my local institution before challenging that exam.

@Srabiee and I can definetly load up an updated resume once I am off and at my personal computer which will be around 1 PM MST

@Bpenn not currently. I just feel like thats an area where I can excel but maybe not? I mainly deal with networking , and server admin stuff. And currently I have been working in an "IT" related area for the past 3 years. This company is my first company that i can actually use as experience.

TonyTruong101

@Goatama I should of been more clear on that part that is my mistake. I should've placed that Infosec is the designation of where my IT career will be hopefully. And the question after should've been how can I get my foot in the door of a IT Security position with the current skills I have. Assuming HR recruiters won't be looking for an A+ cert.

LeBroke

TonyTruong101 wrote: »

Thanks for the quick replies guys.

@LeBroke I actually went in at my local institution to get a couple crash courses in windows AD to challange the MSCA. I started the first half of it and was suppose to go back this year to finish but without financial support of my current employer plus diminished hours (average only 20hrs/wk) I can barely afford to pay for schooling but still eager to take chances whenever I can. I might take a loan and finish the courses at my local institution before challenging that exam.

You can self-study fairly easily for it. Sign up for CBT nuggets, or even, ahem, Yarr, me hearties! some study materials. I passed 70-410 mostly by self-studying, though decided not to pursue the full cert, as I decided to focus on Linux instead.

To get a foot in the door for an infosec position, you need at least some of the below:

- Previous experience dealing with security
- Large amount of system/network administration experience (i.e. sysadmins regularly deal with hacks and remediation, netadmins often manage firewalls).
- Security certs. Generally means at least a CEH or similar-level certs.
- Risk management or digital forensics experience, both of which are immediately relevant to security.

TonyTruong101

LeBroke wrote: »

You can self-study fairly easily for it. Sign up for CBT nuggets, or even, ahem, Yarr, me hearties! some study materials. I passed 70-410 mostly by self-studying, though decided not to pursue the full cert, as I decided to focus on Linux instead.

To get a foot in the door for an infosec position, you need at least some of the below:

- Previous experience dealing with security
- Large amount of system/network administration experience (i.e. sysadmins regularly deal with hacks and remediation, netadmins often manage firewalls).
- Security certs. Generally means at least a CEH or similar-level certs.
- Risk management or digital forensics experience, both of which are immediately relevant to security.

Edit: Reread your post, made much more sense now.

cowill

People on here may look down on Comptia, but you SHOULDN'T....they serve a purpose, especially when you are job hunting or filling requirements....

A+ is hit or miss......I'd say since you are exercising A+ like skills, you can probably skip it at this point....I would say maybe start with Net+ and follow up with Sec+ right after

bigdogz

@ TonyTruong101,

If you want to get ahead of the game, the certifications help. If your boss pays it out of his pocket, that's fine but don't push it. Obtaining certifications will show your boss and others that you are willing to learn. If your boss leaves, to a small extent you will have to work to gain your new supervisor's respect.
The company not reimbursing you for your certifications may be a red flag but if your boss is there and most others know how well you work, you have a good chance of staying there if management shakes up. You cannot control that, you can only control what your actions.

In regards to the CompTia certifications, they do help. You may want to search Monster or Dice to see what qualifications are used/needed to perform your current job/position. These and other certifications will make sure that HR folks at other companies will make a check mark next to your name and place you in the pile to be looked at or maybe a call for interview.

If you are going into Security you need to get the fundamentals of networking, hardware, and how most applications work, including port numbers. I cannot tell you how many times some IT folks forget the simple things to troubleshoot issues.

Good Luck!

eSenpai

A LOT of the people replying to you already have the A+. That should tell you something even if their words might lead you to think something else. Not that I disagree with most of them but I feel that some are missing the very thing we argue...err...discuss at higher levels. That being that just popping in to get a security certification means very little if you can't apply the knowledge to discern things not given to you on a plate.

That said, when I read your original post what I see is probably what I would see if I read your resume and that is you have some experience with hardware but not a lot(And I don't mean just being able to swap ram/SSD/etc but understanding the differences in say the ram types and why/where we would use them most effectively). You didn't go into what you train on specifically but I happen to work with a lot of technical certified trainers. They can teach and troubleshoot to a degree but most can't recommend or expound on differences in hardware beyond what they are teaching. Most could not tell me why x86 is less secure than x64 unless it was something they had to prep for a class. This last bit (ability to apply learned knowledge) is vital in an interview were I hiring you at any level for a technical position. My personal bias is on display here so YMMV but I really really want my security people to come in knowing a lot about a lot because that is what security will boil down to at the pointy end of the stick. It is not simply knowing the latest vulnerability, how to remediate it with a vendor patch, what tool could be used to exploit it, or incident response protocol. It is the understanding at a fundamental level what the vulnerability means technically and how it could open us up to be exploited beyond the news release blurb. This is where real security begins even though all of the other things listed are important as well.
Will you get all of this with the A+? NO.
Will it help you get there? Yes.
All of the fundamental certs will help you layer knowledge onto each other for a good base of understanding.

Additionally, getting the cert shows progression on your part; plus if you already have the knowledge then the tests are EASY and you are only out of pocket the testing fee. If you don't have the knowledge represented by the A+ then...you need it. Get the A+.

I did it for different reasons than you but after a decade plus in IT, I got foundational certs in order to understand if they had value for my teams and to understand just how much I should value them on a resume. In my opinion, most(not all) of the CompTIA certs have some value. This won't automatically get you a job but it might get you a second look and a chance.

Mike-Mike

everyone wants to look down on A+ on here all the time, but the bottom line is, it is one of the most recognizable certs there are, and one of the most asked about it job ads. Pound for pound it probably has a very high ROI.

Even if you think you are above it, who cares, then it's an easy cert to add to your resume.

anhtran35

Yes it's an easy certification to obtain. However, he already has Help Desk IT Support experience. I suggest you go straight for an MCSA that will secure your System Administration experience. Afterwards, go for the Security+, CEH, SSCP and CISSP. The CISSP should be the hardest to obtain. I can see this path taking about 3 years before you can obtain all the certs due to finances and study.

GreaterNinja

For Security it is really good to know Systems (MCP/MCSA/Linux) and Network (Network+/CCENT/CCNA) and well....security policy experience (Security+ and higher certs).

Ideally you want to have at least 1 cert in at least 3 realms.
However it is possible to go MCSA -> Security or CCNA -> Security.

If you only choose 2 of 3 realms I'd say go networking then security...it pays better in networking and infosec.

alias454

My .02, get the A+. It goes hand in hand with proving your current experience, then take the Sec+ or something along the MS tract. You may be hard pressed to go from helpdesk to sysadmin. It will be more likely you go from helpdesk to desktop support, which the A+ will be beneficial to you landing interviews. If you have the experiance you say you do then the A+ should be a very easy cert to obtain, Yes it costs a little bit of money but get it and leverage it to a higher paying job so you can afford higher level certs.

Good Luck.

srabiee

Here's a good question for you guys to complicate matters further: At what point in your career should you allow the A+ cert to expire and/or remove it from your resume? (generally speaking)

As you know, it expires every 3 years and costs over $300 to renew through the ce program.

TheFORCE

srabiee wrote: »

Here's a good question for you guys to complicate matters further: At what point in your career should you allow the A+ cert to expire and/or remove it from your resume? (generally speaking)

As you know, it expires every 3 years and costs over $300 to renew through the ce program.

Mine doesn't expire. I got it back in 2006

Danielm7

If your current boss isn't willing to pay for certs or support you in it, then stop asking him and do what you want to do anyway. I worked for a small company that wouldn't do any of that, I finished my entire BS while I worked there and picked up a bunch of certs and never mentioned it to them. They've already cut your hours down to 20 a week, just focus on yourself, then go get a better job that does appreciate you.

TheFORCE

Danielm7 wrote: »

If your current boss isn't willing to pay for certs or support you in it, then stop asking him and do what you want to do anyway. I worked for a small company that wouldn't do any of that, I finished my entire BS while I worked there and picked up a bunch of certs and never mentioned it to them. They've already cut your hours down to 20 a week, just focus on yourself, then go get a better job that does appreciate you.

What he said is 100% true!

shortygirl

LeBroke wrote: »

Skip the A+ entirely. An MCSA in Server 2008 or 2012 would be extremely helpful for you to both increase your knowledge, and validate your experience.

Not sure whether Sec+ is worth it for you. If you're in the US, in an area with a lot of government contracts (i.e. Washington DC), it's very much worth it. If you're other places, skip it, get an MCSA, and then dive straight into hardcore security certs.

I'd second this. The A+ is really only good to get past the HR loopholes.

TonyTruong101

Thanks for everyones insight and input! I really did need to hear it from other people. After taking in what everyone's said I believe my path will be to finish up my A+ to validate my knowledge for my work experience as a helpdesk technician.

My concern was reading some posts regarding A+ and after getting some people in my llife around me tell me that "Why bother with A+ which validates your knowledge on hardware if what you want to do is with Security" (my roommate being one of those people XD) it threw me off course.

I am planning on finishing the A+ for the upcoming month. Then go study for Network + while securing a desktop support role hoping to branch into a networking / sys admin role.

Hopefully I can come back in a few weeks time with good news!

N2IT

shortygirl wrote: »

I'd second this. The A+ is really only good to get past the HR loopholes.

Probably only second to a bachelors degree in IT.

goatama

srabiee wrote: »

Here's a good question for you guys to complicate matters further: At what point in your career should you allow the A+ cert to expire and/or remove it from your resume? (generally speaking)

As you know, it expires every 3 years and costs over $300 to renew through the ce program.

I haven't included the A+ on mine for a few years; I've moved past the need for desktop support skills being listed on my resume. My most recent resume, which led to my current position, just has a heading "Relevant Certifications" where I listed the ones relevant to the job: C|EH, CCNA:Sec, CCNA, Sec+, VCP, TCNA

But I think I'm in the rare boat where I only apply to jobs I'm fully interested in and qualified for, and then I tailor my resume and cover letter to fit the bill.

DevilWAH

A lot of people say skip the entry level exams, but I would honestly go after them, you should be able to complete them quickly Especially if you have some experience and they really help highlight any areas you might miss just learning on the job.

I remember back doing my ccna I already had 3 years experience of deploying Switches and routers, and 80% of the material was way below what I had been doing, but then I would come up and find a passage or two in a book that linked things together and made me think again how it all fitted together, and how to approach things in a more vendor natural way.

to many engineers I have worked with skipped straight on to the professional and beyond level and while great at there specific field they have know experience or understanding out side it, and this makes them the most frustrating people to work with. I have meet high level Checkpoint firewall engineers that struggle to set up a static IP on a windows machine, and have no clue about the fundamentals of routing, some even struggle to describe the concept of sub-netting.

oxymoron5k

I recommend the A+ because it's a fairly easy test and it taught me how to study for and take certification tests. There is also some useful information in there that I still use. The commands in the command prompt you are taught are very useful. Obviously some if not all will be taught in the other certs mentioned as well.

TonyTruong101

Any concern I had was will i always just be working for someone if all the validation for education is from certs + experience? Or is it possible to branch say 10-15 years down the road into a management role. I am thinking more long term and what phase of my career would be like. Again I could be way off thinking it in terms like that.

TonyTruong101

oxymoron5k wrote: »

I recommend the A+ because it's a fairly easy test and it taught me how to study for and take certification tests. There is also some useful information in there that I still use. The commands in the command prompt you are taught are very useful. Obviously some if not all will be taught in the other certs mentioned as well.

I actually found studying for the A+ fun for I didn't know the technical reasons for some of the hardware that came into existence today and the need was created. Was fun learning about it up until I started comtemplating the worth of the certificate.. but i'll jump back on it and focus on completing it.

xD Lucas

I have a buddy of mine that's 28, no certifications, no degrees, and has a Systems Administrator job for one of the biggest private firms in the country.

kurosaki00

Skip A+
They have a value... for someone who's new in the field. Are you wanting to downgrade from System Admin to help desk? what?
Then you dont need A+
Sec+ and MCSA are my suggestion for you.
Get a new job, get more sec certs, get better job