Certification? When does it end?

I was just thinking about this this year as I wrote down a list of certs that I wanted to work on. I was just wondering at what point does all the effort to study, practice, exam, pay annual fees, end and stop producing an ROI? I enjoy the challenge of tackling a new cert, but as I get older I still wonder "is it all worth it?". I know it probably depends on the person and the objective, but I'm finding more and more people at the top in my organization and field w/o certs who you'd think would have them. And I'll also read about people making CIO or CISO without a single cert to their name. Granted they may have some IT management experience, but I just find it funny that certs are pushed so hard on the IT and cyber community, yet it's not really the bar to measure yourself by if you're looking to make it to those higher levels. Anyway, just spatting out loud as I look at my ambitious cert list thinking "do I really need to go this route, another year of hardcore study and time away from my family?".
浪人 MSISA:WGU
ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP
Comments
Salary
Position/Title
Skill improvement
Accolades of accomplishing a tough goal
The journey itself
A project
I suppose if you hit most of these from a career and personal desire I could see someone losing interest in certs. I am starting to get to that point myself, where I’m a little older now and am getting tired of certs. I honestly feel I have until 2021-2022 when I just call it quits and maintain the certs I have going forward. I am also targeting certs that don’t expire going forward.
I also want to look into owning a business, franchise, real estate, building an app, whatever it takes to be financially independent. Being in the information technology industry as an employee has its limits, the market has dictated what a junior or executive management should be earning a certain amount regardless of how hard you work.
I digress, the topic of certs and stopping has been on my mind lately lol
rant over
2023 Cert Goals: SC-100, eCPTX
I do certs mostly to keep myself focused for specific topics otherwise I'll bounce all around all the time, and to learn new things that might help me transition to a new job focus. At my level there is almost no chance that, outside of a few specific ones, most companies will hire or not hire only based on certifications.
I think the idea that specific certs, outside of maybe the CISSP just as a baseline gatekeeper thing, would matter for you getting a director or CISO level job is very unlikely.
For example, @dragonsden
2020 Level Up Goals: (1) CISSP-ISSAP (2) CAP (3) PMP (4) OSCP
These are all over the place. Architecture, pentesting and project management. There is a point where you're just beating yourself up and spreading yourself too thin but the ROI won't make sense.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
Finally, it helps me to measure what I am learning by myself, and it is a way to achieve something with time that could be seen as lost.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
At retirement? Or maybe a few years before. I don't know if even making the CIO position gives you a free pass to let your skills degrade. Even CIOs can get fired for incompetence, security breaches, project failures, disaster recovery failures, the company going under. So long as you need to stay relevant in your position to get hired elsewhere, education and certifications will be important. You don't necessarily have to be always improving your skillset, but you need to keep up enough to stay relevant at your current career level.
The same could be said of any one of us, getting comfortable in our current position, just doing enough to keep up with your current role. Then BAM! Huge security breach, company suffers millions in lost revenue and damaged reputation. We need someone to blame, I know, we'll fire the CISO and Security director. Problem solved. Now they are out on the open job market with expired security certs, or worse yet no certifications. Maybe they are lucky to get let go during a boom economy, and get another position fairly easily. Or they are not, let go during a deep recession, unemployed for months, even years. "I used to be a big important CIO once, would you like fries with that Happy Meal sir?"
That's why certifications are important, they are insurance against the unexpected. I once had a nice cushy government contractor job, no certifications, making good money, decent health benefits, company paid travel, life was good, till it wasn't, laid off due to government cuts, it was a humbling experience. I got lucky and eventually landed something better, but easily could have ended up stuck in a series of short term contract roles, with no health insurance and no real future.
- CISSP-ISSAP: been working an architecture heavy role for 2 years, and studied on/off for two years. I just need a quick refresher through the CBK and I think I'm ready.
- CAP: I've worked RMF for 4+ years. I think all I need to pass this is a re-read through 800-37 and maybe 800-53 to be ready.
ISSAP/CAP were the low hanging fruits just to cert out for experience that I already have.
- OSCP/PMP: these are the big boys for the year. Yes, totally different focus and goals and could be entirely unrealistic. I studied for OSCP last year, but wasn't ready to cert out. I guess I want this more for the challenge than anything. A notch in the belt up the cyber pathway. I don't see myself working a pentest role since they pay considerably less than I am making now. Perhaps leading a red-team though, this could be beneficial.
But yes, these are simply shiny marketing letters that may trigger a new job opportunity, or get you noticed within your current company for a special role.
Goals: CCNP Enterprise(ENCOR + ENARSI), AWS CSA - Associate, Azure AZ-104, Become better at python, learn docker and kubernetes
Degree: A.S. Network Administration
Pursuing: B.S. in I.T. Web and Mobile Development Concentration
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
Yeah, I probably would not pursue technological certs, i.e., Cisco, Microsoft, AWS, etc., rather I would pursue managerial certs, or training. Of course any manager or above in tech needs to have a strong foundational tech knowledge to make good decisions, whether it's choosing a specific vendor platform or deciding to move the entire IT system to the cloud.
Speaking industry specific, one thing that I've seen in the SaaS industry is that over the last ~5 years customers expect certified security staff. And I think security requirements will expand as their vendor management programs continue to mature. I see security certifications, based on frameworks or non-vendor specific methodology, as worthwhile.
I also agree with @yoba222 and @TechGromit, part of the value can be an insurance policy in bad times. But based on recent experiences I believe there could be a ceiling. The top tier companies in technology don't seem to care about them, at least not their own. They're just now getting around to requiring their own employees to pass them.
As someone who has been the hiring manager in the past, I primarily cared about what you could do. But I will say that if I had two resumes that were relatively similar, I would have been more inclined to first reach out to the candidate that had the certifications to go with the experience. As with most things opinion-based, YMMV.