Sunday, November 11, 2012

Pros and Cons of Information Security Certifications

This week we discussed, among other things, job descriptions and certifications.  We all had our own views about available certifications.  It is apparent that these certifications are often not only desired by employers but required.  While we were discussing this, I ran across the article "Pros and Cons of Information Security Certifications" on the SearchSecurity site.

In this piece they also state that one of the questions they are most frequently asked, by both prospective and currently enrolled students, is which security certifications would be best in order to be competitive in the information security field.  The response to this question is far more complex than one would think, and therefore there is no simple response.  However, the real question students should be asking has more to do with the value that certificates provide for a security professional's career.  There is no Holy Grail of security certifications.  The most important thing for one to do is to understand what certifications represent and what they do not, as well as to understand that certifications have both pros and cons.

One of the more exciting things about information security is that the knowledge in the discipline is constantly and rapidly changing.  This is both positive and negative for the information security profession.  While we get to enjoy an ever-changing landscape, this is also the reason we have to keep our skills and knowledge updated.  Unlike other sciences where challenges are presented by nature, our challenges lie in people.  People can be our adversaries and can be highly motivated to cause damage.  These highly motivated people need to find only one weakness in order to exploit a system and gain access to any information they desire.  So we need to find those weaknesses and strengthen them.  This is why, when security education in practice is considered, security professionals do not have a straightforward, static reply.  The information security professional's career is dynamic.

So one wonders where certificates fit into all this.  According to this author, certificates should be viewed as a measurement of mastery in one's career in the profession of information security rather than as an end.  Security professionals are less dependent on memorization and passing a certification and more dependent on the ability to learn and think independently.  The author feels that professional development in security is much more about continuing one's education and keeping one's skills and knowledge current than about certifications and all the letters they add behind one's name.

This is not to be taken as saying that certifications are not important.  Certifications have a place.  For some, a certification provides motivation to learn something new, while the eventual completion of the test gives them visual verification of what they have learned.  Certifications can also be used for measurements in employment.  In some cases, employees can earn more money by earning certifications.  In some cases, employers require certification as a condition of employment.  Many of these certifications require periodic renewals as well as continuing education in order to maintain them.

The best certification to get is the one that will help one continue to learn and stay current on what is happening in the security realm.  It is best to always keep in mind that a certification is a milestone, not the end of the road.

Reference



Jacobson, D. a. (Unknown). SearchSecurity - Pros and Cons of Information Security Certifications. Retrieved from techtarget.com: http://searchsecurity.techtarget.com/opinion/Pros-and-Cons-of-Information-Security-Certifications
 



