Top Heavy?
The question of the day, do you list your lesser certs? On your resume or LinkedIn or whatnot?
I came across a post today on LinkedIn in which someone said they were seeking a high level cert, the EC-Council LPT. They said: "I passed the ECSA and hope to become an LPT. I have the CEH, CISSP and CISA." Now for some reason, the first thought in my mind was, "where is this guy coming from?" Okay, you have a bunch of management certs... wheres your experience? (in this case, I am using certs to validate knowledge accumulated via experience.) So I looked at his profile, after an initial look, everything checked out. So I read it. Seeking IT position... Seeking IT Audit or Security position. Okay, I wouldnt put as my current employment, but I won't judge. Previous work experience... Work as a government contractor (or military personnel) doing non IT audits... Whers that 5 years experience for the CISSP? Wheres that other knowledge?
I'm not claiming the guy was a paper cert, further down he listed his Net+ and Security+, but where is the experience? I see this quite often these days, people jumping into the security field, getting that golden CISSP, or what not, but... where is the administration experience? My recent foray into pentesting has only enlightened my knowledge that yes, practical knowledge of information systems is necessary to be a good security professional.
Sorry if this seems to be splitting up into two complaints, but w/e... lol. So am I the only one thinking/seeing this? Is the existence of "elite" certs killing the quality of professionals filling these positions?
I came across a post today on LinkedIn in which someone said they were seeking a high level cert, the EC-Council LPT. They said: "I passed the ECSA and hope to become an LPT. I have the CEH, CISSP and CISA." Now for some reason, the first thought in my mind was, "where is this guy coming from?" Okay, you have a bunch of management certs... wheres your experience? (in this case, I am using certs to validate knowledge accumulated via experience.) So I looked at his profile, after an initial look, everything checked out. So I read it. Seeking IT position... Seeking IT Audit or Security position. Okay, I wouldnt put as my current employment, but I won't judge. Previous work experience... Work as a government contractor (or military personnel) doing non IT audits... Whers that 5 years experience for the CISSP? Wheres that other knowledge?
I'm not claiming the guy was a paper cert, further down he listed his Net+ and Security+, but where is the experience? I see this quite often these days, people jumping into the security field, getting that golden CISSP, or what not, but... where is the administration experience? My recent foray into pentesting has only enlightened my knowledge that yes, practical knowledge of information systems is necessary to be a good security professional.
Sorry if this seems to be splitting up into two complaints, but w/e... lol. So am I the only one thinking/seeing this? Is the existence of "elite" certs killing the quality of professionals filling these positions?
Comments
-
powerfool Member Posts: 1,666 ■■■■■■■■□□There are many folks that do not put much in the way of experience on their LinkedIn profiles... its not uncommon; it isn't exactly a resume, although it can certainly be used as one. I know many people that only display their current gig.2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro