Well after postponing it for quite a while I finally decided it was time to go down the certification path. So there are a couple of questions that came to mind, I think I did my homework and these were my answers:
Why get certified?
Well it’s a way of proving that you know something to other people, in particular to potential new employers. It is said that certs are a great way to boost your career or at least make a statement on where you want to steer yours to, i.e. if you take some CISCO certs, you probably what to pursue a the networking path; or if you take a security cert you’re showing that’s the way you want to go.
What certification should I get?
This was a hard one, there are lots of them out there. So I took some notes and talked to people last year when I attended the RSA Conference 2007. I also found a great website where they did some comparisons on with a lot of different variables. After some thinking around I decided to start with Security+ and after that pursue OPSE and / or the well known CISSP. So step 1 is done.
A cert alone doesn’t make a good or complete professional, I know a couple of cert holders that don’t know squat and can’t solve a problem in their “area of expertise” even if their life depended on it. One of those was and old colleague, he had a couple of the CISCO certs and said that he was an expert in networking but couldn’t understand the difference in the use of the POP3 (TCP 110) and webmail or HTTP (tcp 80), after that we just labeled him port 80.
Well officially as of last week I approved my Security+ exam and should continue down the cert road to get a couple more.