Q

Will a Security+ certification be useful for aspiring security analysts?

When breaking into the world of corporate security, a Security+ certification is one of many credentials that may be helpful. Mike Rothman explains.

I'm interested in pursuing a corporate information security analyst position after 20-plus years in the information technology arena, starting with help desk support and teaching Microsoft Office products, to level two desktop support . Since I do not have background experience specific to information security, I've decided to take baby steps and start by pursuing a Security+ certification. Do you have any feedback on this particular certification? What else might help me to land a corporate security analyst position?
The CTIA's Security+ certification is one of the most general security practitioner certifications. Most of the time, I don't think getting certified helps practitioners advance their career. Many of the most talented practitioners I know don't have a certification, and I've known many certified professionals that were pretty much incompetent. To me, a certification indicates a lowest common denominator skill set and the ability to take a test.

That being said, I think there are two situations in which certifications are helpful. The first is when a person

has no direct experience in the security industry and no credibility to convince an employer that he or she can do the job. In this case, getting a certification can show initiative, focus and a willingness to make an investment in one's future. It's one of the ways to get from Point A (not having a job in information security) to Point B (having a job in the security industry).

The other situation is when there is a real economic dollar value to getting the certification. There are some companies that highly value capital letters behind an employee's name, and they are willing to pay for it because it makes the security organization as a whole seem more knowledgeable. That doesn't make much sense to me, but if a company will pay more for a certified employee, then by all means get certified.

In terms of what else to do to get a job in the security business, I would recommend informally increasing personal skills, which means breaking and fixing stuff. Build a home network and break into it. Fix it and try it again. Offer to secure the networks of neighborhood businesses. These things will provide a person with real experiences that can be relayed during the interview process.

More information:

This was first published in January 2008

Dig deeper on Information Security Jobs and Training

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close