I have been listening to this thread, and I have a couple of things to add, hopefully to clear some air.

If you are a "security professional", or want to be, I would recommend taking a certification course from a company that has pull within the industry. I have worded this very specifically. The valid derision of current security professionals notwithstanding, a security certification will provide you with enhanced credibility when presenting yourself as an authority on security. As the industry grows, and more and more people who know nothing about security are looking for people to manage security for their organizations, the certification will be something that business people will use as a litmus test for keeping or discarding resumes. If there is a company with a certification process that is at least recognizable by name, it will increase your marketability.

This has been true for over two decades, and not just in our industry. A university degree does not say anything about a person's ability to perform and grow in a certain job. Many highly motivated, highly skilled, and highly experienced people have been passed over for a position because they don't have a university degree listed in the Education section of their resume. In fact, companies may pass over the best candidate in exactly this manner. As an anecdote, I know a research scientist who teaches at a University in Canada, and this person never completed their degree. They did a great job on their 4th year thesis, started working for their professor, consulted to companies in their area of expertise, etc., but never actually graduated. But who cares?! These lucky/resourceful people are in the minority. When an employer has 100 resumes on their desk, they are going to choose who looks best on paper to bring in for interviews. Anything that can go on the resume to make you look better will increase your chances of success. This is true for MCSEs and CNEs as well.
My plea to business people is exactly the opposite. You must take great care. When you are hiring for a mission critical position, there is no substitute for experience and knowledge. It is necessary to "go the extra mile" in determining fitness for the position. If you end up hiring someone because of their paper skills, it could cost you more than a larger salary in lost productivity and, in the case of a security manager, in lost information resources.

ICMan

Please respond to "Paul D. Robertson" <probertsat_private>

To: Alec Muffett - SunLabs <Alec.Muffettat_private>
cc: Anton J Aylward <anton@the-wire.com>, firewall-wizardsat_private (bcc: Shane Mason/SECURE)
Subject: Re: Network Security Certification

On Tue, 28 Apr 1998, Alec Muffett - SunLabs wrote:

> >I've been doing this for nearly 20 years and I find the material
> >a challenge. Despite what people like Paul Robertson say, this is a
> >true test.

Adhering to what I like to think of as "Bernstein's law" I'm apt to respond to anywhere I'm quoted ;)

> I won't argue with the fact that taking some kind of exam in the field
> at least shows some sort of dedication to the topic of security, and
> therefore could help employers sort some of the wheat from the chaff
> of job applications.

I'm not so sure it doesn't show some sort of dedication to taking tests. While Anton has obviously not been motivated to do this by lack of a future, I'd be interested in hearing his appraisal of the other test takers to contrast with what I've seen for the last 3 or 4 years.

[snip]

> Without "CLUES"(TM), all the knowledge in the world will not protect
> your network; it is a regrettable almost-certainty, however, that
> your insurance premiums will eventually be bound to how many certificates
> your staff have passed, rather than how many "CLUES"(TM) they possess.

I seriously fear this case. It's difficult enough now to get a valid business case for security funded.
> [2] Speaking as someone whose only security (or indeed computing)
> qualification whatsoever is an "Introductory Fortran for Numerical Analysis"
> course segment taken in 1986 as part of an Astronomy degree.[3]
>
> [3] Presumably this means I know nothing about security and therefore
> am unemployable in the field.

Hey, for the paltry sum of a few rounds of beer, the Gargoyle which sits on my monitor will certify you. He got the idea from Marcus' cat's firewall certification process. Never fear, you too can be part of the "Information Superhighway Highway Patrol." Badges are extra ;)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
probertsat_private      which may have no basis whatsoever in fact."
                                                                     PSB#9280
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:32 PDT