[OT?] call for info on security professional certifications

Alan Johnson alan at datdec.com
Tue Apr 6 12:23:30 EDT 2010 

On Tue, Apr 6, 2010 at 11:23 AM, Benjamin Scott <dragonhawk at gmail.com>wrote:

> On Tue, Apr 6, 2010 at 10:30 AM, Alan Johnson <alan at datdec.com> wrote:
> > What we are trying to figure out is if we
> > should included any certifications in either the "required" or "desired"
> > qualifications.
>
>   Some of this depends on what the job duties will really entail.
> That is, whether the "IT Security Officer" going to be more about
> managing people and workloads than actually vetting the technical
> aspects of security.  You emphasize production systems; in that case,
> I presume more technical stuff.  Tech certs are, of course, more
> applicable for tech stuff.
>

I had tech certs in mind, but if this jobs is done right, it will required a
lot of upwards management, IMHO.  I didn't think "certified boss manager"
was an option, but I like to check it out if it is! =)  Seriously though, I
don't believe downward management skills are an issue here, but policy
creation, implementation, and enforcement are sure to be at the heart of the
job.


>  The DoD is now requiring all staff who work in an Information
> Assurance role to maintain security certifications.  That includes
> staff of commercial contractors.
>

You mean, like clearance levels, or some tech security cert?


>   I have yet to see tests or courseware, but looking at the
> brochureware, the GIAC/SANS and ISC^2 certifications describe what
> look like good programs, once you get beyond the fundamental levels.
>

Thanks!


>  Personally, while I place relatively little value on fancy pieces of
> paper, I don't think they're worthless, either.
>
>  Certifications are commonly used as part of a resume screening
> process.  If you get 1000 applications, narrowing the field is
> difficult.  So require a certification, and you at least filter out
> the people who spam every tech job they see.
>

Yes, I expect it will only be used as a filter if the volume is significant.


>
>  Full disclosure: I have no college degree and no major
> certifications.  [However, on several occasions, I've been told I'm
> "certifiable".  ;-) ]
>

As are many of the best techs I know. =)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20100406/9cfdba19/attachment.html

More information about the gnhlug-discuss mailing list