However, for us in SE Asia, certifications can mean having contracts, or be a starving pentester (I know this only too well). Certs are a great marketing tool –and they can help get you through the first door. And that’s all you need really, just to be given the one chance to prove yourself worthy with your electronic ninjutsu. Once you’ve done that, and have gone on to become a 10th-dan cyber ninja, only can people see you as out of that “box around yourself”.

By the time, if you really got skills for security information, and people know you about some cases that you have been involved in the past, the opportunities will come to you- its just a question of time. You will have a name one day.

To sum up, they are just a paper to prove that you are able to do something when nobody knows you. But everybody know that, some people don´t need certifications to know somethings and be a good professional.

Certifications are designed for two reasons: control and false sense of equality. Again, it is a personal choice. In a similar way you can make a lot of money from the falling stock market right now but most people don’t do it. It is a matter of personal choice and also lack of understandings about how things actually work.

To wrap up, certifications together with collage/university diplomas provide no assurance that the person who has them is employable or can provide any value whatsoever.

They’re keys and tools, and I thank you for stating the obvious in such a clear fasion :)

Bottom line? If a particular certification is going to get you an interview which may lead to a job you want, having it is a no brainer. Get the cert first – the experience will come when you have the job. If you already have the experience, you probably don’t need the cert but it will still help you get noticed on a recruiter’s search.

Someone mentioned University degrees here. Most of them aren’t worth the paper they are written on, but if you’re just starting out, try getting a job these days without one.

Sometimes you gotta give people what they want. Just like when you wanna get an A on a test: you simply answer the questions the way the teacher wants, even if you don’t agree with him/her. I say get the best of both worlds (certs+real skills), can’t go wrong. but mostly, make sure you know your stuff so you can look at yourself in the mirror.

A possible exception is SANS in that the training is extremely beneficial even if you don’t get the certification. With things like CISSP and CISA, you are training specifically to get the certification. With SANS (at least in my experience), you are training to actually improve your skills. If you pass the certification, at least I know you were tested over useful information and not the usage of buzzwords.

My thoughts are that certs show very little knowledge on the part of the candidate. They’re little more than HR tools. Here’s the bottom-line:

“The value of a certification is exactly the value that others place on it–no more, no less. If you’re interested in the actual value of a given cert, check the job sites, call your recruiter friends, and talk to hiring managers. Just as with currency exchange rates, the only way to determine “true” value is to see how much others are willing to pay for it.”