Security Basics mailing list archives

Re: University Degree or CISSP
From: Greg van der Gaast <gvandergaast () yahoo com>
Date: Thu, 26 Jan 2006 09:17:12 -0800 (PST)

Ok, I was following until you said this:

"much, much more technical [Certifications].  Those
would be the Cisco CCNA (don't waste yer time with the
CCNP, get the CCNA, but be prepared for ALOT of
studying about routers and the routing protocols --
also their tests are brutal"

I don't know how the heck you can consider CCNA highly
technical and certainly not how you can consider the
test "brutal" and requiring "ALOT" of studying.

Now I took the CCNA. I went to Borders (not even
knowing what a subnet was at this stage), bought the
ICRC book, went to Sylvan 2 weeks later and got a
CCNA. You can be a complete moron and get a CCNA with
ease with 0 practical knowledge. CCNA is a
PREREQUISITE for CCNP. CCNA teaches you RIP. ACRC (1/4
of the CCNP) teaches you OSPF, IGRP, EIGRP, BGP4,
weighted queuing, etc, etc. The CCNP is infinitely more
valuable than a CCNA. 

I don't mean any offence but you seem to be
demonstrating the same ignorance recognizing skills as
the recruiters you're talking about.

Unless you want to be a support tech who occasionally
has to reset a router's password, there's little
that's useful in CCNA. Granted, more recruiters know
CCNA as a buzzword. I care about doing my job well,
and if that means waiting for an employer to come
along that knows its stuff, so be it. It'll save me
from losing my mind once I'm working.

That said, Cisco's tests are some of the easiest I've
seen. Easier than MCPs and that's saying a lot. I
(someone with absolutely zero networking knowledge at
the time) managed to get CCNA, CCNP (4 tests), CCDP (4
tests, 3 of which overlap with CCNP), CCNA WAN, CCNP
WAN (4 tests), CCDP WAN (4 tests), and MCNS (Managing
Cisco Network Security) in the span of 14 weeks on my
own dime and time. No courses.

I don't know how you can perceive these things as
difficult but in my book they're easy. Too easy. And
it's precisely this ease that makes them less valuable
for me and why I don't waste my time getting
certifications anymore. Of course there's some

Sadly I agree with some of your points. Good, tough
certifications aren't as common and clueless
recruiters therefore don't recognise them because they
don't bother doing research. A couple friends of mine
have gotten CISSP and complained of its ease. I won't
waste my time on it. SANS GIAC however seems much
tougher and forces people to think and write about the
subject. I would like that challenge.

There are plenty of companies out there that are
looking for GOOD people. The only barrier is
recruiters that don't recognise GOOD people. That's
the challenge. You can sell out and saturate your
resume full of crap, or you can accept the challenge,
refuse to compromise, and deliver. It might take you
2, 5, even 10 years to get through but that challenge
will only make the future years sweeter by making you
resilient, and truly knowledgeable. IT existed long
before IT certifications did. None of the brilliant IT
pioneers had certifications. Granted, many of them
went to university, but most of them put in more
effort playing in labs than studying, and plenty of
them didn't get a degree. 

--- Bob Radvanovsky <rsradvan () unixworks net> wrote:

OK, time for my $0.02 worth of commentary.

Ladies, the outcome from all of this bickering is
simple: you need both.

I have several degrees that are both business and
computer related, along with slightly over 2 dozen
certifications.  Realistically, the ONLY reason
having a certification is so you can: (1) either
promote yourself better within your company to
acquire or move to a higher paying position, or
move onward to another company, demonstrating your
knowledge and skillset.

This goes back to my original analogy of Dr.
story of the "Star-Bellied Sneetches".  The
outcome was that neither was better than the
and they needed each other to band together. 
having the CISSP certification does have some
because of its length in the industry and how some
recruiters consider it prestigious.  That may be. 
However, I know people who, not only have the
but other security-specific certifications, and
couldn't perform a risk assessment, penetration
analysis, case study, or even a simple audit
consulting the "Auditing for Dummies" book (there
isn't one that I'm aware of, but I am simply being
demonstrative for this case).

Consequently, I've known college students that got
almost straight "A's" throughout college.  And 'ya
wanna know what they're doing today?  Unemployed. 
Yup.  And the reason why?  They can't *apply* what
they know, because they never really studied, only
memorized, the material.

It is a balance of having both items.  If you look
closely at many job requirements, it's something
the effect of cert plus degree, or degree with
experience, or cert with experience.  Simply
them both is no guarantee that you'll get the job,
and consequently, having experience but no degree
cert won't get you the job, either.

A friend of mine pointed something out to me in
simple terms.  Recruiters are nothing more than
order takers, very similar to those order takers
from fast food restaurants, such as McDonald's.
of them have very little knowledge of the
knowing just enough of the terms and buzzwords to
dangerous, but have practical knowledge in how to
read and comprehend people.  What they're good at
doing is filling slots for companies -- nothing
more.  Companies give the orders on what they want
filled, and what are the requirements.  The
recruiters try and attempt to fill the slots as
as possible.  And any recruiter that tries and
me that there's more to this is crazy.  For
we had ONE job position available here in Chicago
recently.  The next day, 24 recruiters attempted
state "unique job opportunity", all funneling into
that ONE job position that had opened up.  Also,
these recruiters used the exact same job posting
boards that you and I use: Monster, AllJobs,
USAJobs, HotJobs, etc.  So, how is that helping
out?  They'd like to say that they have their own
selective search database and that their service
unique and comprehensive.  Rrrrrrr-ight.  Many of
them *share* data between each other.  It goes
to filling slots and them getting their commission
checks -- nothing more.  In fact, most recruiters
would rather that people move from job to job to
more regularly, because they'd get a fatter,
bonus.  I know several long-time colleagues from
IT industry recruitment field (about 15 years
and they occasionally come to me with a job req.,
asking if I'd be interested.  It's always the same
thing, doing the same crap, day in, day out, and
offers nothing more than a lateral move for me. 
BUT...what it does do is give me a little bit more
insightful information as to how their recruiting
process works.  Recruiters try and get people to
sign up with them for their *EXCLUSIVE* search
database, almost stating that they'd GUARANTEE you
job.  HINT: if you listen carefully, and have done
this as long as I have, you'll never actually hear
them "guarantee" you a job.  To do that would be
misleading, and I'm pretty sure that it might even

=== message truncated ===
