Security Certifications – should you get some? Well, this is what I think.

IMHO, if you go for a certificate then you pretty much put a box around yourself and your abilities. I am sorry, this is my personal opinion. People will perceive you as such and such because of your certifications. While having a cert might be a good idea for your career and in particular your CV, showing off with it could be a bit harmful. I am not saying that you shouldn’t get certified. I am saying that most people get certified because of the certificate and not the knowledge they get with it. Everybody knows that and it is hard to convince people otherwise. And this is the main reason why security certifications are significantly devalued over time, apart from the fact that security knowledge needs to be constantly updated. The more people get certified, the less valuable certifications are.

What about CISSP? CISSP can certainly help you get a good understanding of security processes, but when it comes to real-world security what matters the most is your experience. Anything else is irrelevant. At the end of the day you have to solve someone’s problems. Well, in order to pass CISSP you do need to have some experience in the field, at least on paper.

The bottom line is – if you want to make a career in the infosec industry then getting a certification might not be such a bad idea. Just be honest that you’ve got the certificate for the certificate itself. :) I hope that this post helps.