You can't secure what you don't acknowledge.SM

Friday, April 15, 2011

Be wary of the well-certified IT pro

You may have read that Gartner projects IT spending to increase in 2011. It's great news that may lead to hiring new staff or at least new consultants for your IT and information security projects....Just proceed with caution and don't fall for the "I'm certified therefore I'm all you need" persona that's rampant in our industry.

There are a lot of people out there looking for work - many of which have added one, two, perhaps five or more IT/security certifications such as CCNA and CISSP to their names over the past year. But you have to be forewarned: just because someone has passed a certification testing regimen doesn't mean he or she is going to be 1) a disciplined worker, 2) a good communicator, 3) have goals, or 4) possess that sticktuitiveness required to succeed in IT.

Certification only goes so far. In fact, I've often found that the more certifications one has the harder he or she is "trying" to prove something to mask other deficiencies (likely the very things you're in need of). Ironically, some of the sharpest and most productive people in IT and infosec have no certifications at all.

It's a harsh reality but it is what it is. Buyer beware.

2 comments:

  1. I agree with Kevin's post. I was following a discussion on a Linkedin discussion the other day about degree versus certs. The main consensus was that a degree will get you past the HR specialist screen, a cert will get you in front of the hiring manager, and experience will get you the job.

    ReplyDelete
  2. Thanks ghwinfosec. Well said. Here are some more thoughts on mine of this subject worth checking out:
    http://securityonwheels.com/cde.html

    ReplyDelete