Submitted by jimmyjot on Sat, Mar 13 2010 - 11:09 PM.
I took Security+ after I earned A+ and Network+, and I failed it the first time around. It's a lot of memorization and disjoint facts, which is the kind of test I don't always do well on. I haven't taken the CISSP exam, so I don't know what's on it.
Submitted by ttarpein on Mon, Mar 15 2010 - 9:48 AM.
Jim,
What kind of exam prep tool are you using? I haven't had any of my students fail that exam. As for the CISSP, you have to apply to the certifying body for permission to sit for that exam, and they'll require a certain amount of Information security experience. It is MUCH more involved than Security+. Security+ is considered the foundational Security Certificate. I think ExamForce is a good, comprehensive tool for prepping the Security+ exam. You can contact me at ttarpein@nhaustin.com if you'd like to discuss.
Submitted by jimmyjot on Mon, Mar 15 2010 - 1:47 PM.
I took a CBT course provided by my previous employer, and I supplemented it with the book Security+, a study guide by CompTIA. Since then, I received a Master's in software engineering, including a course in information security, so a Security+ certification is probably redundant.
Submitted by ttarpein on Mon, Mar 15 2010 - 1:52 PM.
I guess it depends on the purpose of obtaining it. If you want to work in IT in ANY branch of government or for a DOD contractor, Security+ Certification is REQUIRED per DOD mandate 8570.
If you've already taken the course and read the book, is it possible the course you took was on previous (outdated) exam objectives?
Try an exam prep tool or exam simulator. Some people use www.examcollection.com for instance.
Submitted by softwarejanitor on Mon, Mar 15 2010 - 10:41 AM.
I think a lot of people would say that if you've got a CISSP not to bother with Security+, as the Cisco exams tend to be much more respected. FWIW, the general consensus about A+ seems to be that about all it is good for is to qualify someone for an entry level $9-14/hr computer tech (Geek Squad type) or help desk position, but isn't really useful for anyone beyond that stage. I don't know whether it is fair or not, but the "+" exams tend to be pooh-poohed by a lot of people in IT in general.
Submitted by samjobes on Wed, Mar 17 2010 - 3:51 PM.
"...as the Cisco exams tend to be much more respected."
...actually the CISSP is not a Cisco exam, you're thinking of CCSP.
Since I like flogging dead horses and the specific question has already sort of been answered... there may still be those that would like a better understanding.
So, let me start by saying that just because IT folks pooh-pooh the + exams, that does not mean a hiring manager will.
The CompTIA exams represent a foundation of knowledge for each category. For instance someone who wanted to be a network technician could get a really good foundation in networking by studying Net+ prior to going for a Cisco or Juniper certification, a security analyst the same, beginning with Sec+ then moving on to SCNS or the SSCP (precursor to CISSP with less experiential requirements, see ISC2.org)...and personal computer hardware technician the A+ which really has no next step certification except you could say maybe an engineering degree.
As with most foundational certifications you can try to bypass them to some extent by going to the next level cert if you already know the material and have some experience. But this is where it gets tricky with the CISSP etc...
In the end you have to start someplace unless you have the experience (5 yrs or 4yrs +degree) with the knowledge to take a 3-6 hour exam (CISSP). So why not start with the entry level (ISC)² SSCP certification or the CompTIA Security+ certification, as they are both fairly in depth and foundation building and will help you understand the basic underpinnings of it all. When it comes to getting your foot in the door, starting out with either would be helpful. As mentioned before if you plan on working public service/gov you may be required to have Security+. I would say you can do well having all three + certifications to get your foot in the door with security since most security professionals are expected to understand all three areas at a minimum.
What most people don't understand is that CISSP makes a well rounded (10 domains of CISSP) experienced security professional that can manage the whole security enchilada, but it does not imply any sort of unique specialized skills. It is just the next baseline from the ground floor.
So if you are already a software engineer, have a solid foundation in basic security, authentication, etc... you may want to look at more specialized training such as:
the SANS/GIAC certifications geared for application security (application security is the fastest growing field with plenty of income potential)
the "ethical hacking" courses such as the CEH or Backtrack classes (which may lead to a hacking job which are fewer and farther between unless you intend on joining the military or fed govt.)
exploit programming in Metasploit or one of the myriad of application attack frameworks (in-demand skills for penetration/app testing)
Forensic certification such as the EnCase certs (somewhat in-demand good choice for law enforcement, corporate risk/incident response teams)
SANS/GIAC malware analysis specialization (in demand but typically jobs require mucho experience, think A/V companies)
For security audit/management the CISA and CISM certifications (fairly decent quantity of these jobs available)
Some real world tidbits on the demand for each interjected above...
From my perspective being in the industry, for the entry level, Security+ and SSCP are great. For more advanced people you will have to have some (general IT experience in one of the 10 domains may count) experience for CISSP which is the preferred higher level baseline otherwise jump right into a specialization of some sort where you have the most interest and get a specialized certification to do exactly what you want.
Keep in mind at some point a cert is just a cert. As opposed to IT security departments within large organizations a boutique security provider/contractor (think defense) may pound you in an interview with 100 questions or put you on the spot and make you perform some sort of hack to show them your skillz.
~ You need to figure out where you fit in... and where you want to end up
Submitted by samjobes on Thu, Mar 18 2010 - 10:19 AM.
No problem, glad to be of help!
Take a look at this:
The top 10 Certifications that will boost your pay (as listed by Dice.com) are:
PMP
MCSE
A +
CCNA
MCP
Network +
CISSP
MCSA
ITIL
Security +
(in no particular order)
You will see that all the CompTIA + courses are listed and this list was created from a poll of about 177,000 IT Professionals... I'll bet that in addition to boosting pay they also will help get a foot in the door if you are new.
Submitted by softwarejanitor on Thu, Mar 18 2010 - 10:55 AM.
I used to work for Dice.com... and having said that I'd be a little skeptical about the objectivity of some of their polls, especially since they own a testing and study preparation company and accept advertising dollars from for-profit education companies so they have a vested interest in promoting certifications. In general Dice.com's surveys should always be taken with a grain of salt because I know that the management there (many of whom I personally know) don't like to put out anything that doesn't have a positive spin.
Here's the issue... in this employer's market where companies have heaped on requirements and become more and more picky about candidates you still see very few other than very entry level job postings requiring or even mentioning certifications, especially the CompTIA ones. There are some other, mostly vendor certs that you see mentioned as nice to haves or occasionally even requirements, but it's the exception rather than the rule.
I've been working in the industry for 20+ years and been involved with the hiring process on more than one occasion. I'd say that in my experience rarely has a certification made a difference in terms of pay offered to a new hire or it ever having been a significant factor in the decision process between candidates for anything other than very entry level positions. Education in terms of college degrees and mostly years of relevant on-the-job experience is almost always the first thing that hiring managers look for.
I'm not saying there is no value to certifications at all, just that telling people who are unemployed and strapped for $$$ that running out and spending a lot of money on getting certs will get them a job may not be good advice. And for people who are already working, getting a cert is rarely ever going to get them a big raise all of a sudden. Perhaps in a more healthy job market where there was competition by employers for employees, but that isn't where we are right now.
Now if you can get an employer to help pay for certifications, by all means go for it... they certainly can't hurt, they are just no guarantee of anything by themselves and shouldn't be oversold.
Submitted by samjobes on Thu, Mar 18 2010 - 3:26 PM.
I was simply throwing it in there as further evidence that certifications are beneficial to someone who is job hunting. I certainly can't speak to the validity of corporate sponsored research using likely less than academic research methods... but my point is/was that they could very well help you get your foot in the door or be considered as a better candidate than another person who might have the same amount of experience.
As a side note, in my 2 months of job hunting I've found that in the information security field at least 90% of the jobs either require or list as "nice to haves" one of the following certifications: CISSP, CISM, CISA, Security+. So I could be wrong but my assumption is that other tech jobs are the same since, being an employer's market, they can and will ask for the kitchen sink, and get it. I personally think that Austin in general is and always will be an employer's market considering all of the wonderful talent moving here and coming out of our fine schools. People need to get used to the idea that they must continually improve and hone their skills in order to grow in their careers or in the case of a layoff be able to find another job quickly.
Submitted by softwarejanitor on Thu, Mar 18 2010 - 3:46 PM.
I would say certifications "might be" beneficial rather than "are". I don't think in most cases they are going to help a newb get their foot in the door without previous experience to back them up. Too many businesses have been burned by "paper tigers" who have a lot of pretty wall hangings but don't have a track record in the real world. While having a cert might give one candidate the edge compared to a similarly qualified person w/o, the question for job seekers is whether the costs (both in $$$ and time) are worth it. That is something each person has to answer for themselves. I've just seen too many newbs out there the past few years complaining that they've put all their resources into getting a whole bunch of certs and they still can't get an interview or get hired.
I've done some searches on various job posting sites and 90% seems like an exaggeration. The vast majority of techie job posts don't mention any certs at all, although more specialized niches such as what you are talking about do seem a little more likely to. Here's the deal though -- every one I see not only wants the cert, they also want at least 3-5 years of on-the-job experience as a hard requirement. That's why I think a lot of people are better off trying to get a job in the field they want and then take advantage of any support that employers might give to get the certs while they are working. Doing it the other way around is putting the cart before the horse.
I agree with your assessment of the Austin job market, but I'd go a step further that the tech job market in general is likely to be an employer's market for the future as far as the eye can see. Austin just that much so because of the constant influx of newcomers and recent grads. And you are absolutely right about people needing to have a "plan B" in mind, because it looks like job stability is just not going to be there for techies in the future.
Submitted by ttarpein on Thu, Mar 18 2010 - 3:43 PM.
I agree, Sam...I provide job placement assistance to the students here, so I have an RSS feed that is set up to search and retrieve only the postings that contain requests for Certifications. There are many.
It makes sense to me that hiring managers would desire a mix of experience and Certifications, because Certifications teach a skillset, and most must be renewed/upgraded.
This may hold value for many employers, because a Microsoft Certification earned in 2009 may be seen as more relevant than a Master's earned in 2000. And, it's a specialization, rather than a 50,000 foot view such as that obtained through a degree.
Submitted by softwarejanitor on Thu, Mar 18 2010 - 3:55 PM.
Really? I mean really? A MS cert "more relevant" than a Masters? That is pretty self-serving, even though in fairness you do at least allude to the fact that you work for a for-profit education provider.
Here's the deal with certs like MS's. 2-5 years from now a 2009 MS cert will be "obsolete" and not worth much if anything. A Masters from a reputable institution one would certainly hope would not befall the same end. It's kind of an insult to people with advanced degrees to even say that a mere cert is even comparable.
I've tried to be nice about what I really think of a lot of the pumping of certs and diplomas from for-profit entities... but it is becoming more difficult.
Submitted by ttarpein on Thu, Mar 18 2010 - 4:05 PM.
I definitely don't want to insult anyone. I'm only pointing out that a recent cert would be on a current technology, and the changes that would occur in technology over a ten year span would be great. And yes, I plainly state in my profile that I work for a Proprietary School. But, we're certainly not the first to disagree on this matter, I could probably find 50 blogs about it right now. :)
Just my Two Hundred Fifty-Five Cents :)
-SSJ
Sam,
Thank you for taking the time to post this reply. Great information!!!! :)