Security Basics mailing list archives

Re: RE: Value of certifications


From: "Yousef Syed" <yousef.syed () gmail com>
Date: Fri, 27 Apr 2007 23:24:38 +0200

Nate,
The majority of Certs out there simply prove that you are good at
memorising a few things - they don't prove you KNOW anything. That
only comes from experience.

Getting an Alphabet-Soup of certs after your name shouldn't be a goal
and certainly won't help you per se.
Even though I have certifications, none of them appear on my
CV/Resume; I only acknowledge that I have them if the job specifies it
as necessary -  I believe my experience speaks for itself.

If you want to improve yourself and show that you are seeking
knowledge, then get yourself a Degree (preferably from a decent
school), and if you already have one, then get an InfoSec MS.
Then get yourself 4+ years experience and get yourself a CISSP (if you
really feel the need).

Trying to "break into the security field" isn't all that complicated.
I can't think of a field in IT that doesn't have a security angle to
it.
+ If you are a coder, do you try to write secure code?
+ If you are a sys-admin, do you ensure that your systems are patched?
+ If you are a network admin, do you monitor your networks?
Databases, Applications, OS, Webservers, App-Servers... all of it needs securing.


Don't try to do it by short-cuts. Put in the time to learn your field
by working in it and doing bigger and bigger projects.

You're only 21, you have plenty of time ahead of you...

Good luck
ys

On 27/04/07, nate kelly <nate.kelly.linux () gmail com> wrote:
Here is my certification conundrum, I am 21, far too young to have gained
any more than a few years experience, I am working very hard to break into
the security field, I am currently working toward my MCSE+S and plan to take
as many certification tests as possible (they are paid for and I love
tests). I know that employers would be a bit wary hiring such a young MCSE
because I don't have the amount of hands-on experience as others that are
older, but my plan was to get my certs to show that I am capable of
comprehending the concepts, is this an appropriate approach or will people
look at my certs and assume that they must be just paper on account of my
age? Is this a flawed approach? Would it be a good idea to present my
certifications with this disclaimer?

            -Nate

On 4/27/07, Simmons, James <jsimmons () eds com> wrote:
> Exactly.  Nicely put.
> This is what I opt for. You should not get a job because you have a
> particular cert. Look at any hiring site (monster.com,
> Careerbuilder.com, etc.) and look how many jobs say "CISSP Required".
> When I was looking for a job long ago, I would not even apply for those
> positions cause they obviously do not get it. I would understand if they
> say "CISSP a plus", or something to that effect, but required?
>
>
> Regards,
>
> Simmons
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of Yousef Syed
> Sent: Friday, April 27, 2007 9:58 AM
> To: Nathalie Vaiser, RFC, FMM
> Cc: security-basics () securityfocus com
> Subject: Re: RE: Value of certifications
>
> Nathalie,
> Be patient.
> Get the real world experience - there's no substitute for it.
>
> Do it at work and do it in your own time.
> Setup your own home-network and play with it.
>
> Subscribe to forums like this and spend more time reading and learning.
> There are plenty of conferences - some are free, others you might be
> able to get funding from work. If they want to pay for your
> certifications as well, get them, but don't rely upon them.
> There's a huge amount of information available online - use it.
>
> Security is a large area. Find a field that you consider interesting and
> one that you feel you have an aptitude for - seek to become an expert in
> it. Whether it is securing applications, Crypto, Firewalls and Networks,
> Pen-testing... the list goes on and on. Try to keep abreast of the other
> domains and technology, but remain focused on your core strengths.
>
>
> Basically, don't get a certification for the sake of it. The people that
> are hiring you (unless you plan to become just another number in a HR
> system) should be more interested in what you've done and what you can
> do. If the employer is more interested in the certification than in your
> actual experience and knowledge, then they aren't worth working for
> (IMHO).
>
> Good luck,
>
> ys
>
> On 26/04/07, Nathalie Vaiser, RFC, FMM <nat () ultraservice com> wrote:
> > Hi guys,
> >
> > What would be recommended for someone who is fairly new to the IT-world
> > and has a strong interest in security?
> >
> > The CISSP requires 4 or 5 years of related work experience.
> >
> > Would Security+ be recommended in that case? Or is there another
> > suggestion?
> >
> >
> >
> > Thanks
> > Nathalie
> >
> >
>
>
>
> --
> Yousef Syed
> "To ask a question is to show ignorance; not to ask a question, means
> you remain ignorant" - Japanese Proverb
>




--
Yousef Syed
"To ask a question is to show ignorance; not to ask a question, means
you remain ignorant" - Japanese Proverb

