[aklug] Re: IT certifications

Hi Damien,

                My apologies for not communicating my thoughts as clearly and as fully as I should have, initially. First let me say that I don’t necessarily disagree with many of the points you have brought up. However being a retired (45+yrs) IT professional with Military, Corporate, Government, LE, and small business experience I believe my observations have stood the test of time. This is particularly ironic since I dropped out of high school in my senior year (1970) with the goal of becoming a machine-gunner on a patrol boat in the Mekong Delta. While the Navy recruiter didn’t feel I was a “suitable candidate” for the US Navy, USMC Gunnery Sgt. D.L. Mooney thought the Marine Corps had just the right spot for me…. :)…… Several weeks later during the general education testing in basic, it was discovered that I knew the difference between a “D” cell battery and a Crescent Wrench and any hopes I had of manning a .50 Cal Browning and mowing down the enemies of our country were crushed and replaced with the many months of basic electronics study that followed. In addition to having to complete a GED. Somehow I ended up in the top three of my class and wound up with an assignment to advanced training in data systems and cryptography. Keep in mind that there was no Internet back then. Data transmission was done over encrypted HF SSB for pre internet Command and Control Comm. So rather than configuring OSPF we calculated things like what the days MUF was and when we troubleshot problems it was down to the component level rather than card or board. And we had to walk uphill doing it…..

                Too make a long story short, my experience in I.T. both as an employee, part of an interview team, and as a hiring manager, I always looked for the most direct and current experience first whether from a school or self-acquired. Next was their core education and quite frankly I would place a simple CS, or EE far above an MIS. That is simply because most of the folks I know, or have known work on their advanced infosec degrees after they are active practioners in infosec.

                While I sympathize with you regarding a company’s decision to change vendors and the ramifications to a companies in-place staff requirements, I would also point out that change in the field is inevitable and for any organization or business to remain competitive it’s support staff must evolve , one way or another. Optimally the organization should understand and recognize the value of employee longevity and should have appropriate training so as to improve and retain the institutional knowledge. Organizations that simply make a decision to switch out their infrastructure without a support continuity plan are almost guaranteed to face issues in both deployment and day 2 support. On the other side of the coin those organizations which actively consider ongoing training and provide career considerations for their employees IMO enjoy a higher success rating during a technology revamp.

                Lastly before everyone snores off…… I would point out that since those halcyon days when Information security meant locking your papers up in the safe at the close of business, today the field is comprised of a multiple array of specializations so when one says they want to make it in the world of information security what exactly do they mean;

                Defensive or offensive

                Network or System security

                Traffic Analysis

                Forensics

                Compliance

                Legal issues

                Etc, etc, etc…..

                At the end of the day…….. I am still convinced that a solid 2 or 4 yr CS or EE degree overall has the edge over any cert. Unlike certs, degrees last a lifetime rather than the finite lifetime of a particular outfits certs. and assuming you actually paid attention in class will have gained a set of fundamental knowledge’s that can be applied to a wide range of “Information Security” challenges once you get your foot in the door. Hopefully that door leads to an organization which understands the long view and will see it in its best interest to keep the lifecycle of its IT staff in mind as well as the organizations bottom line. But even if the organization has a plan and can manage some training there will always be the need for one to make the extra effort to improve ones mastery……….. not always cheap but there are more and more low cost or free avenues to obtain the knowledge’s that will allow you to be more and more effective and efficient than simply getting a cert…… What good is knowing how to configure something if that something isn’t the most appropriate for maintaining the Confidentiality, Integrity, and Availability of the data one is charged to protect……..hence the original YMMV……

Regards,

Dan…….. former USMC 0311/2500/5971/72/78, A+, Linux +, CCNA, VMWare, NetApp NDA, BF4 Lvl140…… and current chicken farmer.

From: Damien Hull [mailto:dhull@section9.us]
Sent: Wednesday, September 07, 2016 9:03 AM
To: Dan Wolf <dan-wolf@gci.net>
Cc: Christopher Howard <ch.howard@zoho.com>; AKLUG <aklug@aklug.org>
Subject: Re: [aklug] Re: IT certifications

Dan,

I have a Masters degree in Information Security. I hate to tell you this but that's not enough. Vendor certs like CCNA and CCNP tell you how to work with the product. How do you get OSPF configured? How do you get spanning tree configured? College degrees help a lot for the big picture. They may not give you the commands you need to configure OSPF on a Cisco router.

I used to work for GCI setting up Cisco and Juniper routers for Internet access. The only reason I survived is because I was CCNP certified. Without that I wouldn't have been able to make it. Then they said, surprise, we're going to Juniper. The networking concepts are the same, but the commands are different. My college education didn't tell me how to configure OSPF and MPLS on a Juniper router. And no, we didn't get enough on the job training to figure it out before we were dropped into the hot seat. I managed to survive for a bit but it was rough.

Vendor certs will always be there. They may not be perfect but they're better than nothing. I also think that people who look down on certs haven't looked into them. The CCNP is three tests. One of which is "switching". Can you configure HSRP in a minute or two? That was on the test. Took me three tries to pass that test.

I'm trying to make it in the world of Information Security. The SANS organization has become my training of choice. Expensive but worth it. Topics they cover are things most people don't even know exist. How do I learn this stuff if I can't find anyone who knows it even exists? Training and certs are the only thing I can think of.

Point is, I've learned a lot from college and IT training / certifications. Wouldn't be able to do my job without them. And as someone else pointed out, you may not get past HR without them.

I think this is also the downside to IT. It is so expensive to keep up. If anyone has a cheaper solution I'm all for it.

On Tue, Sep 6, 2016 at 12:57 PM, Dan Wolf <dan-wolf@gci.net <mailto:dan-wolf@gci.net> > wrote:

IMO..... Some of the basic certs A+, CCNA have value in providing employers with a comparative baseline for entry level positions, but after that certs tend to lose their value...... In the end.....stay in school or go back and get a 2 or 4 yr degree and you will have a piece of paper that lasts a lifetime rather than 2-3 yrs....... Then you leverage that paper to get in the door to an org that can provide the additional training you seek As always YMMV.....:-)

-----Original Message-----
From: aklug-bounce@aklug.org <mailto:aklug-bounce@aklug.org> [mailto:aklug-bounce@aklug.org <mailto:aklug-bounce@aklug.org> ] On Behalf Of Christopher Howard
Sent: Monday, September 05, 2016 2:03 PM
To: AKLUG <aklug@aklug.org <mailto:aklug@aklug.org> >
Subject: [aklug] IT certifications

Hello list. I was wondering... has anybody heard of any programs (e.g., nonprofit, workforce development) that help people with the financial part of getting IT certifications? There are a number of additional certs I'd like to get (e.g., Security+) but there isn't much room in my budget, and I don't think I could convince my current employer to pitch in. (As additional certs would only help me to get a better job elsewhere.)

--
https://qlfiles.net
My PGP public key ID is 0x340EA95A (pgp.mit.edu <http://pgp.mit.edu> ).
---------
To unsubscribe, send email to <aklug-request@aklug.org <mailto:aklug-request@aklug.org> > with 'unsubscribe' in the message body.
---------
To unsubscribe, send email to <aklug-request@aklug.org <mailto:aklug-request@aklug.org> >
with 'unsubscribe' in the message body.
 
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.