I'm researching professional security certifications and am looking for some opinions before shelling out my hard-earned money. Happily, opinions are in plentiful supply around here and I respect every one of them.

I'm looking specifically at CISSP certification (http://www.isc2.org) coupled with CCNA. Anyone have thoughts on the overall industry value of security certification and opinions on reputable US-based training centers? For example, Intense School (http://www.intenseschool.com) offers a total immersion approach that compresses everything into about one week and then you take the test. Is this a good or bad approach?

The CCNA does not mean much any more. It is slowly going the way of the MCSE. Although the new CCNA exam actually requires you to know some commands, so it will be a little more daunting to people who want to be paper CCNAs.

The CISSP is an excellent security certification, but I don't think an immersion program will really help you pass it, and most employers I know would not hire someone with a CISSP and no security training.

The CISSP covers a broad range of security processes, and is designed to test your knowledge of security practice and fundamentals.

Honestly, depending on how much security experience you have, if you are going after your CCNA, I would recommend coupling it with a CCSA instead. Checkpoint is very hot right now, and you can download and play with their firewall at home, to really understand how it works.

If you do have a lot of networking/security experience, bypass the CCNA and opt for the CCNP, and either the CSS (Cisco Security Specialist) or the CISSP.

You also might want to check out Chester's forum, there is a lot of good advice about certifications, etc: http://www.certifyexpress.com/forum/

uuallan makes some very good points.

First off, what experience do you have in the field? The CISSP requires you to have 3 years of relevant work experience to even take the test.

Currently, the CISSP is the premier security certification. It doesn't target specific knowledge or techinical capability. It shows that you understand the fundamentals of information security and why certain things are done the way they are. If your looking for a targeted certification, look at SANS.

As a certification the CISSP is really starting to catch on. A lot of companies are seeing the increased value in hiring a CISSP. Sometimes, it's enough to get you in the door. Usually, it's something that will distinguish you from the next guy.

The CISSP takes quite a lot of time to absorb the breadth of material it covers. I spent over a year casually studying and around 3 months studying consistently everynight after work. Most people I've talked to did the same. Excluding all the security texts I've read over my career, I additionally read around 3,000 pages of CISSP specific material. 3,000 is A LOT of pages.

The CCSE and CCSA are nice certificates to have as well. Last time I sent out my resume the fact that I was CCSE and CCSA certified alone got me a couple bites. The 4.x or 2000 (don't remember) test I took was rather easy. I took the one week training course beforehand and then studied for about a week. I also had been using Check Point daily for a few months. I passed relatively easy. I've heard the new NG tests are much harder. One of my coworkers helped develop the test questions and they were much more in depth than the previous test.

As with uuallan, I don't put much faith in the CCNA. The CCNA has become akin to the MCSE. A lot of people are studying and passing the test with extremely little true experience. This devalues the certification. Hiring managers are starting to understand this and place less faith in it. Is it a good thing to have? Sure. All certifications are good to have. They distinguish you from the next guy. However, I wouldn't spend significant time or money pursuing this cert.

Keep in mind that depsite what others may be saying, the security industry is rather slow right now. In this economy CFO's are having a hard time justifying the costs of information security. It's extremely difficult to show a return on investment. Southern California is miserable right now IMO. East coast, Virginia area has been pretty popular. Don't get into the industry thinking you'll make a ton of money. It won't happen. Not yet at least.

Regarding trainging camps, I think they're a waste of time and money. They teach you what you need to know to pass the test and nothing more. They couldn't survive if they tought you everything related to the subject. If your paying to get the cert and not the knowledge than go for it. Just remember your bringing down the value for everyone else and eventually the company that just hired you will realize you don't know **** and you'll be out on your ass.

Good luck in whatever choice you make.

Very good points from both of you. It's a help. Thanks. :)

The appealing part of CISSP is that it does require someone to have experience and directly represents that experience. That's what I want for my $4K -- meaningful designations, not alphabet soup.

I have worked with and supervised "certified" people before who had essentially no hands-on experience, were dumb as rocks and leeched off co-workers rather than try to gain experience on their own. On the other hand, I've known others with the same piece of paper whose intimacy with the technology was downright scary. It's a mixed bag for sure.

I'll have to continue to weigh this decision.

Go to college, get a degree. A degree is worth more then the certs. Certificates are toilet paper next to the degree.

Originally posted by alchiba
I'm researching professional security certifications and am looking for some opinions before shelling out my hard-earned money. Happily, opinions are in plentiful supply around here and I respect every one of them.

I'm looking specifically at CISSP certification (http://www.isc2.org) coupled with CCNA. Anyone have thoughts on the overall industry value of security certification and opinions on reputable US-based training centers? For example, Intense School (http://www.intenseschool.com) offers a total immersion approach that compresses everything into about one week and then you take the test. Is this a good or bad approach?

All the certifications in the world will get you nowhere without experience. CISSP is a respectable certification, definitely worth it. CCNA shows that you know basic networking. I worked with a CCNA who did desktop support and didn't know much about networking; he was good with the boson practice tests.

In addition to the Cisco Security Specialist certification that was mentioned, there is also CCIE-Security. The written was cake but we'll see about the lab.

Originally posted by Shyne
Go to college, get a degree. A degree is worth more then the certs. Certificates are toilet paper next to the degree.

I already have two degrees. The diplomas do look pretty on the office wall. ;)

Many college curricula around here teach to Cisco or CISSP (or similar) anyway. The major difference is the time it takes to complete the training and currency of the subject matter.

Certifications can be looked at as a kind of continuing education, similar to a surgeon learning a new technique or two without having to repeat medical school.

Originally posted by Shyne
Go to college, get a degree. A degree is worth more then the certs. Certificates are toilet paper next to the degree.

I couldn't disagree with you more.

I'm not saying a degree is worthless. Far from it. But in the tech industry, experience is the key. I've met people with bachelors degrees in computer science who can't even adjust the resolution of thier monitor.

Originally posted by jstout

I'm not saying a degree is worthless. Far from it. But in the tech industry, experience is the key. I've met people with bachelors degrees in computer science who can't even adjust the resolution of thier monitor.

Depends on what you want to do. A lot of companies will not hire someone for a hirer level position without a college degree. Experience is certainly important, but a degree can be essential to getting better jobs, even if it has nothing to do with the field.

Originally posted by uuallan
Experience is certainly important, but a degree can be essential to getting better jobs, even if it has nothing to do with the field.

Couldn't agree more.

Some academic disciplines other than CS are actually better suited to certain tech jobs. A notable example is programming. Some of the best developers I've worked with had degrees in philosophy, mathematics and foreign languages. There is something about those disciplines that either attract people who can think "outside the box" or train them to do so.

Just cause you have a certification does not mean you have experience. I never said that experience worthless. I said the certifications are basically nothing. All you do is study, and read some web sites like mcse-braindumps.com

I'd prefer Computer Science more them Computer Systems, because Comp. Sys. only covers the surface, and Comp. Sci. goes deep into mathematics of programming and all other stuff.

Originally posted by uuallan


Depends on what you want to do. A lot of companies will not hire someone for a hirer level position without a college degree. Experience is certainly important, but a degree can be essential to getting better jobs, even if it has nothing to do with the field.

For the most part I agree. I still think that IT is a different "ball of wax" compared to most other fields. In my experience, most jobs that "require" a college degree, don't. It's simply put in there by HR. If you go in and you have plenty of experience it's still possible to get the job. Given the same experience, yes, the one with the college degree is definately more likely to get a job. I won't/can't argue that at all. To say that you can't get a great job in IT without a degree is a fallacy.

Take a look at all the CompSci graduates who are working level 1 help desk jobs because they don't have practical experience.

My buddy, who used to be a senior consultant with SCO, and then took a job as a senior consultant with Sun Microsystems, and is now in management has less college than me. He doesn't even have a degree.

But he's definitely a guru, and deserves his six figure salary.