Options

Benefit of Security Certifications

Sahil AroraSahil Arora Banned Posts: 47 ■■□□□□□□□□
in Other Security Certifications
Hey there
What would be the benefit of getting all Security Certifications(just imagining):D
· Share on FacebookShare on Twitter

Comments

  • Options
    chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    1. Education and the required skills to be at a very elite level of security engineering.

    2. A lot of interviews and job offers.

    3. A lot of money.

    4. A lot of job responsibilities.

    Just want to point out that certifications alone wont substitute the need for experience. You will always need experience to go along with your certs. However obtaining all security certs will probably take more than 5+ years so that is plenty of experience be that you do work in a security driven position.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
    · Share on FacebookShare on Twitter
  • Options
    DevilsbaneDevilsbane Member Posts: 4,214 ■■■■■■■■□□
    Security is still a growing field. With all of the recent hack attempts (don't we have like 15 major incidents in 2011 already?) companies are quickly learning to spend some money ahead of time to mitigate the risk or to spend a whole bunch of money to repair their image after the fact.

    It isn't like companies are just deciding now to hire security experts now. Security has always been a concern, and any good company has had somebody doing the work. What they're realizing now is that maybe having your network engineer double over and be your security engineer simultaneously isn't such a great idea. Sure he knows all of the basics and can cover the major holes, but somebody who knows security inside and out could cover many of the smaller holes as well. Having those certifications is one way to show an employer that you are knowledgable enough to cover the smaller holes as well.
    Decide what to be and go be it.
    · Share on FacebookShare on Twitter
  • Options
    Sahil AroraSahil Arora Banned Posts: 47 ■■□□□□□□□□
    @Chrinsone,please explain me that ho we would have lot of Job Responsibilities and lot of money by having all certs of Security?
    And please do explain point number 1 i.e,related to Study.
    · Share on FacebookShare on Twitter
  • Options
    docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    Having all the security certifications in the world means you're either extremely talented and incredible, or (more likely) just a poser.

    Certifications can help instill some fundamentals, but it's not necessarily a requirement for being able to add value and ultimately achieving a better security posture. There are plenty of really, really good people out there who lack any certifications. Then there are individuals like me who have lots of certifications but isn't necessarily all that competent.

    The security-focused certifications by themselves won't necessarily give you solid grounding either. Having knowledge and experience (and perhaps certifications) in systems and networks, as well as programming knowledge, etc. help drive ability. If you want to look at some of the most respected certifications, look at the GSE as well as the OSCE. Formal training and being certified provides a framework and structure to follow, but real-world application goes far beyond that.

    But in the end, it's about how you figure things out yourself and a strong desire to constantly grow. Don't expect to just take some classes, get some certifications, and all of a sudden be qualified to do real security work. You have to pay dues in both experience and professional maturity.

    We've covered this quite a bit in this forum. If you really want to get your feet wet, learn to dig for information. We in security don't respect those who just want to be given a fish so they can eat for a day. We like it when they learn to fish so they can eat for a lifetime.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
    · Share on FacebookShare on Twitter
  • Options
    sb97sb97 Member Posts: 109
    My employers requires** certain certifications to even be considered for certain positions in the SOC.

    ** You can get by this with a lot of experience but it is a steep requirement.
    · Share on FacebookShare on Twitter
  • Options
    badrottiebadrottie Member Posts: 116
    A certification represents no more than a minimum threshold of knowledge that can be reasonably expected of the certificate holder. No more, no less.

    Some certifications do represent a greater value in the marketplace: CISSP, CISM, CISA, CCIE, etc. due to the having some or all of the following requirements:

    1) Experience requirements
    2) Code of conduct/ethics
    3) 3rd party endorsement requirements
    4) Progressive and demonstrable skill and knowledge (The CCIE is an excellent example of this)

    Assume two candidates were applying for an Information Security Analyst position in my company: one holds a Security+ certification, the other a CISSP. On the evaluation criteria, I would have a higher score assigned to the CISSP due to it being a tougher hurdle to cross, both from a minimum experience requirement and the well-recognized difficulty of the exam. (The fact that I also hold the CISSP does not hurt matters, as I know what is involved in obtaining it).

    Of course, the credentials that a candidate possess would only be one factor in making a decision, and there are a number of stellar candidates that hold none.

    It is a fallacy to think holding a credential will land you a job. What it does do is open a few doors that otherwise would remain closed. Once you walk through the door, the rest is up to you.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.