In your opinion what certification is the most misunderstood?

My first reaction is Windows 7 680 but then again I think of all the times I see ITIL mentioned as a project management certification.

I've seen a lot of guys think that 680 is all about troubleshooting the OS. Even purchasing the book and then you hear them talk about how this is more a server certification or they are shocked how difficult the material is. Some not all say that.......

ITIL is another that people think is a project management cert. It's much higher level than project management and focuses on service oriented view.

Those two strike me as very misunderstood. Thoughts?

I'm willing to bet their are a few I don't have a freaking clue about.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

onesaint

I'd have to go with the CCNA. It's not the cert itself that's misunderstood. But, what the cert will and can do for someone's career. Back in 1999, my wife asked her Father how to make 100K. His response, get CCNA and MCSE certified. Which was so in those golden days, but the hype has never died down and thus the certs potential is widely misunderstood.

Iristheangel

I've seen a lot of companies and HR departments mistake the CISSP as a highly technical exam. I've had to explain to managers that because someone has JUST a CISSP that alone doesn't make them qualified to configure the security on every network device or server.

jmritenour

I second Iris on the CISSP. It is very policy/management heavy, and I don't even consider it a technical certification now that I have done it myself. I think out of 250 questions, MAYBE 25% were technical in nature, and that's being generous.

techdudehere

Being an MCSE in 1999 didn't make a person 100k, o do I wish it did! I was an MCSE in the late 90s and either I was really bad at marketing or wasn't as easy as the history books make it sound.

onesaint

Ahh, but were you a CCNA as well?

I'm sure you're right. Though, I have heard stories about folks who landed high up positions sans credentials, just to fill gaps. Funny thing is that still goes on with the fed now.

NOC-Ninja

Definitely CISSP.
I know a CISSP that couldnt figure out how to deploy WCCP after a year of troubleshooting it.

Iristheangel

BTW, sorry about my random grammar/spelling errors. I'm usually typing on my Touchpad or phone and autocorrect is a pain. I swear I'm not retarded

ChooseLife

CISSP was the first one that came to mind - before reading others' comments.

Slowhand

I've seen a couple of certs being mis-represented in job-posts lately:
-

CISSP listed as a requirement for a hands-on, mid-level security position, (with no degree requirements for the job.)
Some confusion between CCNA and CCIE for advanced and entry-level networking jobs, respectively. (Buzz terms, and all that.)
Similar confusion between MCSE, MCP, and MCITP.
MCITP: Enterprise Administrator being listed as "MCSE 2008".
Seeing "any Microsoft certification" as a requirement for working helpdesk.
Etc.

-
The biggest culprit, though, I think is still the good ol' A+ cert. I've seen first-hand, and heard horror-stories, of people being turned down for work because they don't have it. Most recently, a former coworker received a letter stating that he didn't fit the requirements for a Sr. Windows Admin position because he wasn't A+ certified. (Yup, I scratched my head at that one too.) A few years back, I was told that a contract gig I took was almost snatched away from me because I didn't have the actual card in my wallet for my A+ cert. (I didn't know whether I was supposed to be thankful or insulted.) Never mind that the gig involved the design and configuration of an entire AD infrastructure. . .

I guess something about this particular cert has been buried deep in the collective HR-psyche over the years. For my two cents' worth, the CompTIA certs are a stepping-stone to help you land a job when you're first starting out, and to give you a foundation to build on when you're progressing to Microsoft, Cisco, or any other higher-level vendor cert. The A+ is definitely a standard fixture on many IT resumes, but it seems that some people think it's obligatory for IT work, (at any level,) not just incredibly common.

powerfool

I am not sure that it is the most misunderstood, but in regards to the previously mentioned CCNA, many folks assume that if you are a CCNA you can handle Cisco, in general. I was talking with my box about our ASA at one point and told him it wouldn't be a big deal to handle it. His response was, "I sure hope so, you are a CCNA." I explained to him that the CCNA didn't cover anything related to the ASA (or PIX), other than the prerequisite networking knowledge someone needs to firmly grasp and a command-line that is moderately similar.

I would say that the MCITP had a long misunderstanding following after the MCSE that had become so well-known. Surely, that is the reason that Microsoft is moving back towards the MCSE and broadening to all of their certification areas.

tpatt100

CISSP for me, I didn't need it a few years ago working in security but had to get it because it was the most requested buzz word on the job boards. I am glad I got it "now" but feel I wasted a year that would have been better spent studying ethical hacking.

Iristheangel

I think CEH is a bit misunderstood as well. I think a lot of non-IT or HR folks assume you are highly technical and can pen test if you have it. In reality, it's not as technical as one would think. I think the only highly-technical hands-on security certification I've seen so far is the Offensive-Security ones which aren't as well known, but they look like fun. Reading about them prompted my to buy a laptop and install Backtrack on it to teach myself some new skills.

bigdogz

If you had both the CNE, MCSE, and maybe even the CCNA some time ago you could just have someone do your bidding. That was the first certification trifecta.

I will be taking ITIL soon and I have heard from a couple of my friends that it was rather easy but needed nonetheless.

I agree with Iristheangel on both the CEH and CISSP.
I did tell my boss and coworkers the CISSP was not as technical and the CEH was an exam where you had to remember tools. They have made it more difficult but not like the OSCP which I will be taking at the end of the year. I had a friend take it and he had a problem with the last part of the exam. In addition, he is not that much of a programmer.

My biggest problem nowadays with these certs is the fact that you have to pay AMF's for some of them for "membership". I would think that it is one step from being a union.
I don't mind the CPE's/ECU's/CE's... but now in the case I am audited I have binders for each certification to document that I am paid through the current year and I have obtained the correct amount of credits to maintain the credentials.

tpatt100

I think most certs are so generalized and are written assuming your business operates in a "all one vendor" shop anyways. That is probably why after WGU I am just going to take vendor netural stuff and focus more on labbing rather than testing.

N2IT

@tpatt

I agree about labbing over testing. I've been doing a lot of that with MS Project (doing mock schedules with multiple projects) I've also been incorporating a lot of managerial accounting and financial principals with Excel. This strategy has been working great lately. I am retaining a lot of information and saving a lot of $$$.

YuckTheFankees

@ Iristheangel

I completely agree about Offensive-Security certifications, OSCP and OSCE are completely underrated. I have literally never heard a negative comment regarding OSCP or OSCE.

Iristheangel

Thanks, YuckTheFankees. I like the format of the certifications since you can't brain **** them. They pretty much give you a virtual network and say "hack into it and document what you did. If you can't do it to our specifications, you fail." AWESOME. I can't think of any other certification exam that mimics real life more than than that except maybe the CCIE lab

onesaint

The Red Hat exams are like that. "Here's a RHEL install, do some work on it."

The OSCP/E is pretty crazy sounding though. You've got 24 hours or something to hack a network and document it. That's pretty awesome.

tpatt100

The hands on exams are more costly but I doubt the big name vendors want to reduce the opportunities for test takers. They see a marketing value with certs.

If I were to pursue hands on certs it would be probably my primary cert which isn't really a bad thing.

ptilsen

I actually think MCSE is one of the most misunderstood certification. Many managers, even technical professionals, don't really understand what skills and skills level MCSE (and MCITP:EA) indicate. The most common misconception is probably for helpdesk jobs. Not only are those jobs almost always well below the skill level of a typical MCSE, but the material of MCSE (and EA) really doesn't relate to the day-to-day of most helpdesk jobs.

N2IT

PT no question about that.

Slowhand

I agree with ptilsen about the misconceptions surrounding the MCSE. Probably due in large part to 2000 and 2003-era dumping of the exams by so many people, Microsoft's flagship certifications took a serious hit in credibility and prestige. I have definitely seen helpdesk jobs, PC tech jobs, and other entry-level gigs list MCSE certification as required or recommended. The MCSA is targeted at mid-level sysadmins, the MCSE was meant to be for senior-level folks. . . It's no wonder Microsoft wanted to change the name of their cert-programs back in 2008.

I've also heard from many employers in my days of interviewing that they don't trust Microsoft certs as much as those from Cisco, Red Hat, etc., because "MCSEs don't know anything". I've even talked to working systems administrators who pride themselves on NOT being MCSA or MCSE certified because it would supposedly de-value their work with Windows networks and put them to shame in comparison to their *NIX-administrating counterparts. Unfortunately, those rough-and-tumble early days when people burned through **** and got their Server 2000 MCSE credentials haven't just hurt the cert, (and the very idea of becoming certified in general,) it also gave the profession of Windows sysadmin as a whole a serious black eye.

Priston

I love it when the managers at cisco have absolutely no idea what the CCENT is.

N2IT

It seems the CISSP is getting a lot of votes. I was always under the impression it was a management certification, but my manager at the time had it and explained what the certification was all about.

paul78

N2IT wrote: »

....CISSP is getting a lot of votes..... my manager at the time had it and explained what the certification was all about.

Would you mind sharing what was your manager's perception?

Slowhand wrote:

CISSP listed as a requirement for a hands-on, mid-level security position, (with no degree requirements for the job.)

Interesting - I had an opposite thought about that. If someone can demonstrate 5 years of infosec related experience with a CISSP, that would seem to be an adequate replacement for a degree with possibly no related experience. For jobs where a requirement may be "college degree or related experience" - if an employer felt that there was more weight on the "related experience" side of the equation, I would think that a CISSP would be a good substitute. Would you mind elaborating on your point of view? It's not something that I have considered in the past. Thanks.

Iristheangel

CISSP does require 5 years of experience in two separate security domains but that could be almost anything. For example, someone who developed the physical security of a company for four years and worked in maintaining operational security for another year could get their CISSP, but I wouldn't trust them as a security architect or CSO. they might not be technically minded at all. The CISSP is more of a management exam that doesn't have very many technical questions. Employers see thr CISSP as the gold standard of security without really understanding what its about or the requirements for it.

N2IT

@ Paul

It's been a while, but basically he mentioned security compliance and architecture at the time, there were some other elements as well I have forgotten. He kept it high level knowing I didn't have the understanding of security back then that was required to carry on an in depth conversation. My former boss not being a "technical" guy made me aware then the certification required a vast array of security knowledge, but was unlike the other technical security certifications I was aware of back then. He also made note that the material you were tested on if put on a bookshelf would reach X amount of miles or something crazy like that.

He has his PMP as well and I used to ask for assistance more with PMO type activities. He was dual role back then director of the PMO and security. Although he is an adjunct professor at a local University teaching PMI - PM classes, his professional role now is VP security officer for a fortune 500 finance company. The guy is a bright as they come. MBA, MIM, PMP, CISSP, CS. His CS, MIM, and MBA all came from a top 15 business school as well. Great mentor to say the least and it has been a honor!

This has been at least 4 years ago maybe longer. That reminds me I am going to shoot him a message it's been way to long. Thanks Paul!

KenC

I think a lot of the problem is that far too many people confuse & equate certification and experience. It's across the board too - take these forums here as a random example, you see a member with a long list of varied certifications and then they post a response to a thread that just makes you cringe as they have the basics all wrong.

Slowhand

@paul78
I think you may have misunderstood. It wasn't my opinion of the market, that was actually a job-listing I saw recently. A very hands-on position, where probably something like a CCNA Security or CCNP Security certified individual would have been better suited, with no degree-requirements or equivalent years' experience explicitly listed in the ad. Essentially, the training and educational requirements for the CISSP would most likely have been overkill for this job.

paul78

@Slowhand - ahh - I see what you mean.

@N2IT - thanks for the thought. That's seems inline with how I would perceive the CISSP cert.

@Iristheangel - I do think of the CISSP as a "gold standard" but I agree with you that it's not the "gold standard". The knowledge and experience required to get a CISSP provides a baseline - so as a baseline standard, that certification is probably the best metric available today for generalized infosec knowledge. When I see someone that has a CISSP or any certification, that informs me that the individual at least "should" be able to understand the nomenclature of the topic being discussed. I don't view the CISSP as a management-level certification, having a CISSP does not imply that the individual is capable of management - it's just a baseline.

I do agree with @KenC - IT certifications and degrees really ought to be viewed more as a baseline versus some zenith of accomplishment. It's really no different than any other profession. I often see this with lawyers, non-legal lay-persons often equate that someone with a law degree can handle all issues related to litigation, privacy, intellectual property, etc. when those items are actually specialiaties and require specific experience and/or education.

@N2IT - good thread - I do wonder if it's folks that aspire to hold a certification that misunderstands the value/meaning of a certification or if it's managers that seek qualified staff. I bet its a little bit of both.