09-30-2017
My long standing and constantly reenforced view is that certifications are basically worthless and certification companies are mostly just money making machines, pure and simple.
For example, I was a well known Internet security expert long before I took the time to get my CISSP certification. But I thought (one day, a long time ago in a spacetime far far away), hey! I'll sit for the CISSP exam so I can put "CISSP" behind my name and hang out with CISSPs.... haha
Honestly, I enjoyed studying for the exams and when I finally sat for the exams, I finished hours ahead of schedule to my surprise. I passed the entire CISSP battery of exams with flying colors and proudly flew the CISSP flag after my name for many years. For a year I was a featured ISC2 blogger on their site.
Then, I noticed that almost every CISSP I met had almost no operational experience, only textbook knowledge. I noticed that the world was pregnant with "certified experts" without any true operational experience against a real cyberattack and no general data center operational experience. Most of the certified people whom I started to associate with were "cybersecurity or IT arm chair quarterbacks" who talked such a great game but never had been on the field. This was amazing to me.
Then, I noticed that the organization that controls the CISSPs had a system of "professional credits" that were required every year to stay certified; and that much of these "continuing professional development credits" came from their commercial partners. For example, if you took a class from a partner of theirs, or you subscribed to a magazine (this is crazy!) in the "recommended magazines", you could get "credit" to keep your CISSP!
However, if you wrote a bunch of great blog posts about actual real experience defending the real world against real cyberattacks, or published a paper in a journal not directly associated, you got zero credit. In other words, the CISSP "system" turned out to be a kind of commercial enterprise which churned out a lot of unqualified, but certified people.
I finally just gave up on my CISSP cert because it was useless and a kind of a farce; as the more CISSPs I met, the more I met people who had a lot of book knowledge about cybersecurity but most, I would say 90 to 95% or higher, had no true hands on operational experience defending high value networks. Most had never even done any system admin on a critical server!
My advice has always been to get hands-on experience and stay hands-on and operational. If you are too inexperienced to get hired, then create your own project (be a doer, not a talker) or join a open source effort (volunteer and contribute); write code, write code, etc. Do sys admin. Never become an arm chair quarterback who claims to be an expert because they got certified.
On the other hand, I enjoyed all my studies when I prepped for my CISSP exam; and I did learn a few good things from my exam prep time; but only because I had many years of hands on operational experience to validate and apply the theory too. I have met a few CISSPs who were "operational" and great people (few and far between, however).
I can name very few people with hands on operational experience compared to the multitude of certified people who have ever worked in a data center or been a sys admin of critical infrastructure (but claim to be experts).
In closing, Certs are "OK"... if you want to do them; but nothing is more important than continued hands on experience at the system level, learning new skills, coding, writing solutions, building and securing systems.
In my very biased view, 100 certs are less valuable than a few years of hands on system level (admin / system programming) experience with mission critical IT infrastructure.
Cheers!
These 6 Users Gave Thanks to Neo For This Post:
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Are there any nationally recognized UNIX certifications, similar to A+., for basic unix and system admin skills?
thanks (1 Reply)
Discussion started by: pacsman
1 Replies
2. What is on Your Mind?
Hi all,
I'm new to this forum also to unix, but eager to learn unix.
Can any one gimme the certifications/exams available to validate our unix strengths. (7 Replies)
Discussion started by: sarang
7 Replies
3. UNIX for Dummies Questions & Answers
Hello I am a newbie i learnt Shell programming and Unix Internals.Well plz advice me what certifications i shud do as i have free time and want to utilize my time :) (1 Reply)
Discussion started by: strawberry
1 Replies
4. Shell Programming and Scripting
Guys,
I just want information abt certifications available for unix. If they exist can anyone give some info them. Making clear I am pointing to developer level exams, not admin side.
Thanks,
Sharif.S (0 Replies)
Discussion started by: sharifhere
0 Replies
5. AIX
Hi ,
I want to know aix certifications,How to perepare for that ?How many number of papers are there? (12 Replies)
Discussion started by: manoj.solaris
12 Replies
6. Shell Programming and Scripting
Hi All,
Can anybody let me know if there is any Unix certification course which will provide basically programming in Unix. (4 Replies)
Discussion started by: darshakraut
4 Replies
7. What is on Your Mind?
hi there :)
I will study the Linux LPI certification in a few months
What do u think about it?
Is this certification good enough to work with solaris too actually? I´m not sure because i think is more oriented to linux, and solaris as far as i know, is based on UNix.
What else can i... (3 Replies)
Discussion started by: andriusman
3 Replies
8. HP-UX
Hi,
I am planning to get certified on HP-UX.
I googled about HPUX Certifications. I understand that I need to pass on exam HP0-A01 but I find many references to HP0-095.
I bought this book:
HP-UX: HP Certification Systems Administrator, Exam HP0-A01 - Training Guide and Administrator's... (16 Replies)
Discussion started by: psicopunk
16 Replies
9. What is on Your Mind?
Hi ,
I am working in Perl/Shell Script for past 3 years.I am planning to learn and switch my Career as Linux Admin.So Please suggest some certifications to learn about it.Do we have separate sub categories/area of specifications in Linux Admin ? Like Virtualization ,Vmware,storage. ... (0 Replies)
Discussion started by: Ajaytts123
0 Replies