Over the past 10 years or maybe a little less I have held a handful of different
certifications. I only place
CISSP on my business cards and email block simply for the fact it's considered the "Number One" security certification and lends a little
credibility to those people who are not familiar. Let's face it how many times have you had to talk to someone and they act like you are the most
incompetent person because you tell them they need to fix something. Having a little
credibility helps...a little.
That being said I was listening to a podcast this morning on my drive to work and the speaker made a joke out of "at least he's not a
CISSP". Interesting. Is it he's not a
CISSP because he doesn't want to be? Or is it he's not a
CISSP because he hasn't taken the test?
I know there are plenty of people who hold their certifications like some badge that suddenly gives them access to all the knowledge that could possibly be possessed. I am truly ashamed to be grouped with those people.
But in the same token there are tons of people who are jealous of those people who are certified or scared to take the test and make every effort to mock the people who were successful enough to pass the test. After I passed my
CISSP I told some people who were
genuinely interested in my results. One of them decided to announce it to the office. Interestingly enough out of the blue someone walks up to me and states "just because you have the
CISSP doesn't mean you know anything". At no point have I declared "I am supreme commander of all security knowledge", but I was a challenge to this person and basically told where my place was.
When I as a more junior network engineer I completed my
CCNA,
CCDA and started on my
CCNP. I was only about 3 years into working with
Cisco, but I considered myself decent for what I had accomplished. After passing my first
CCNP exam a project manager approached me and told me "congrats, now we just need to get you some skill to go with the certifications". At the time I was the only one on the team who could spell
Cisco, but I had rubbed this guy the wrong way and it was later proven in a court case (that I wasn't involved in) that this man had some 'racial' issues. However it definitely put a chip in my confidence. I passed one more and never advanced any further.
The reason I go for certifications is plain and simple. My own personal challenge. If I have to study say Encase (my current project) then why shouldn't I attempt the
EnCe? It's not to rub it in someone
's face. I'm currently the most versed person on
EnCase in my office. So what does it accomplish? Nothing, but my own personal satisfaction. I can put it on my resume. It may give someone who asks my advice a little confidence in my answer, but it doesn't prove I have the right to hold my nose in the air and piss in someone
's grapenuts. I can do that without a cert. Just means I know enough to pass the test and can retain the information I have read/heard/learned.
With all that being said a certification means as much as anything else. I know people with
EE degrees, Masters and a couple
borderline PhD's that are complete and utter morons. I know people who haven't finished 9
th grade who are sharper than most Doctors.
So if you know of someone that is studying for a certification do one of two things: help them/support them or shut the hell up. If it isn't worth anything let the market decide. If it's on
DoD 8570.1 it will only help them find a job. If they pass and get a big head on their shoulders, give them a difficult task. If they complete it well again shut the hell up or prove you're better. If they fail explain why they failed, show them how much they have to learn and help them learn it.
So to summarize if you are not helping someone advance their knowledge, but only complaining about someone
elses achievements you're the problem. Not the certification. If you don't want to take the test, fine. I don't judge on what alphabet soup you have behind your name. But if you only look better when you someone else falls on their face perhaps you're the reason IT is beginning to look more like the office politics that everyone goes to IT to avoid.