Jump to content

Certifications Path


Recommended Posts

I currently hold 0 certifications.  I've held A+, Security+, Cisco, and Apple certs in the past.  To me, certs just get you past the HR drones who have to check boxes before an interview, and show you can retain information long enough to pass a test.  Work experience is more important, in my opinion.  Besides the Apple certs, all the others I received within a 4 month time period after I was let go from a previous job, just for the HR example I gave.  The sec+ book was handed back in still shrink wrapped.  I've been working in this industry for almost 20 years though.  So my resume reflects that, "I have 20 years doing blah, and have held these certifications, blah blah, and blah".

Link to comment
Share on other sites

I am leaning the direction of @barry99705


I was the type to push everyone toward college back in the day but now I have been more picky as to when you need to spend half your life on a student loan if you do not have to.  School versus payoff these days has gotten tough when it comes to loans so I always try to steer people from them if they can attain the knowledge just as well from other means but that is just my background when it comes to education these days.  Though I still believe in obtaining knowledge.

Now, with that.  My job put me through the CeHv9 course.  I have practice exams and from people who paid to take the test for the cert and the practice exams I lost interest in a CeH cert.  Nothing to do with the difficulty of the test.  Doesn't seem hard.  It was just the content of the tests and those wacky throw-ins (which are in the practice too) just made it feel like the industry tried to standardize hacking.  It was watered down and made me feel someone with no real world experience can get one of these and be mistaken for a security expert, like an MCSE :tongue:.  If you want a cert, aim for the OSCP if you have to spend money on a qualification.  From what I seen of it, it shows real world knowledge and you can even learn from it if you fail vs a CeH if you fail means you have to go memorize more stuff.

I am not knocking on those who already have the CeH cert.  Even I was going down that path to have a piece of paper to satisfy some industry goons.  Ultimately, I am settling on getting OSCP type of certs as they have shown to attain them you have to show some sort of real world competence in the field.  I say "hack" together your own learning and education path.


Link to comment
Share on other sites

Long story short... you have to get certs. I'm sorry, it sucks.


Long version: I started my career as a computer programmer back in late 1997 with my first professional job. That was during the time when even a fry cook could get hired at $12 an hour after reading "Learn Visual Basic in 21 Seconds." After the .COM bust, and programmers were about as useless as Real Estate Agents were after the housing crash... people got picky. Through most of the 2000s... I would generally toss resumes in the trash when I saw certs on them, because I thought they were a joke. College degrees is where it was at... and that's what we focused on. But... over the years, particularly in the past 7-8 years, certs have become very important. Whether they are actually an indication of skill, or not... most companies require you to have them as a condition of employment. Most HR people don't have a clue what any of that means, but they just know that you need them. Especially with most application systems, they do text searches and without certain key terms showing up, your resume will never even get looked at by a real human. 

I understand what Barry above is trying to say, but unless you are already established in your industry and have contacts, then no one really knows what you're capable of, and / or cares. Regardless, many companies now demand you get certs, even if you know more than everyone. My company required me to get any number of certs, so I was like... ok, I'll just get the CISSP so you'll shut up.

But... the economy is on fire again, and none of that really matters if you're just looking to get your foot in the door. But, I'd not have let the Security+ lapse...  

Link to comment
Share on other sites

  • 2 weeks later...

Thanks Everyone!  I def shouldn't have let the Sec+ lapse.  I understand that the industry goons lol / HR suits want to see something.  They need some degree or cert as a CYA in case their hire ends up being a dud.  I graduated cum laud and was in the comp sci honorary..... a bit over 10 years ago! I have a decent resume with fortune 100's and start-ups, but my recent 2-3 years worth of work has been contracts.  I guess I've recently placed more value on living and enjoying life than I do being owned by a company 8-4 for 365.  For my work experience, I have been responsible for security, but I've never had it in my title.  However, I would love to do some pen test contracts and want to keep learning and breaking new things ;^)  I was thinking the CEH would be a good route, but after hearing this it looks like I'll be doing the OSCP.  Throw-ins and impromptu obstacles are important, but if I'm paying for them I want them to be practical.

Link to comment
Share on other sites

  • 8 months later...
On 8/16/2018 at 3:58 PM, hackfleisch said:

What's everyone's opinions on certifications?  Which is best when re-joining the rat race (getting a damn job) vs most practical?

My Security+ just expired and I really didn't think it is worth going back through the material and spending a couple hundred $ for it.

Imho the only thing you will get out of certifications is the fact that you can pass the recruimtent/hrm stage of getting a new job/project. These days, in that stage, talking about your skills is not important because these people would not understand what you are saying. They just wanna check the default boxes on the hiring form so their ass is covered when anything goes wrong in a later stage. And some of the best tech people i worked with didn't have any kind of post college certifications, and i think there is little of no connection between skill and certain certs (i've also seen certificated people who could only use pre-learned procedures, unable to be creative and think outside the box).

So my advice is. Unless you are a great networker and can circumvent hrm, first look what certifications you need to get the job you want and then just get those.

That being said. I think the world would be so much better if hrm and recruitment was removed from the hiring chain, and would just do the paper work (and maybe provide some information) at the end of the proces like they used to do and were meant to do in the first place. But maybe i'm becomming an old cynic and don't understand the new world.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...