Ask the Expert

Will a Security+ certification be useful for aspiring security analysts?

I'm interested in pursuing a corporate information security analyst position after 20-plus years in the information technology arena, starting with help desk support and teaching Microsoft Office products, to level two desktop support . Since I do not have background experience specific to information security, I've decided to take baby steps and start by pursuing a Security+ certification. Do you have any feedback on this particular certification? What else might help me to land a corporate security analyst position?

    Requires Free Membership to View

The CTIA's Security+ certification is one of the most general security practitioner certifications. Most of the time, I don't think getting certified helps practitioners advance their career. Many of the most talented practitioners I know don't have a certification, and I've known many certified professionals that were pretty much incompetent. To me, a certification indicates a lowest common denominator skill set and the ability to take a test.

That being said, I think there are two situations in which certifications are helpful. The first is when a person has no direct experience in the security industry and no credibility to convince an employer that he or she can do the job. In this case, getting a certification can show initiative, focus and a willingness to make an investment in one's future. It's one of the ways to get from Point A (not having a job in information security) to Point B (having a job in the security industry).

The other situation is when there is a real economic dollar value to getting the certification. There are some companies that highly value capital letters behind an employee's name, and they are willing to pay for it because it makes the security organization as a whole seem more knowledgeable. That doesn't make much sense to me, but if a company will pay more for a certified employee, then by all means get certified.

In terms of what else to do to get a job in the security business, I would recommend informally increasing personal skills, which means breaking and fixing stuff. Build a home network and break into it. Fix it and try it again. Offer to secure the networks of neighborhood businesses. These things will provide a person with real experiences that can be relayed during the interview process.

More information:

This was first published in January 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: