I’m a recent graduate with a degree in computer security and I’m currently looking into and applying for positions in the Security Analyst field with ambitions to work towards becoming a fully fledged penetration tester. I have a fairly big advantage over normal CS graduates as my skills are more specialised for security roles and I’ve been looking at certifications to give myself an additional edge in the field.
What are people’s thoughts and recommendations on security and general IT certifications? I’m looking to start towards one right away. Bearing in mind I have zero years experience in the industry and a BSc degree.
EDIT: I should also mention I am a UK resident as I know this has a impact on choosing a certification.
I agree, real world experience in the industry is more sought after than a cert. The big bad one I’m seeing is the CISSP which is the most sought after and hardest to get, especially with the requirements of at least 5 years in the field before you can take the exam. A good understanding of networks is key in security so I may work through the Cisco CCNA. Some of it will be a refresher from university but I think this is a good basic starting point, even though it’s not totally security oriented.
Yeah, the CISSP is almost like the undergraduate degree of certs – it covers a broad range of topics, without getting too specific into any and a lot of places like them. Oddly, some places I’ve worked treat the CISSP as a golden badge of awesomeness…others, like my current team, consider very over rated. shrug I took it mostly for the lolz/to see if I could – but i’m not a healthy person. 🙂
The one other thing I would say about the CISSP is that there is a CISSP-Associate. It’s the same test, but without the prior work experience. And as long as you maintain the continuing ed’ credits, you can qualify for the full CISSP when you do get the work experience.
I’d focus on getting some real job experience more than getting any certs. Experience is worth a LOT more than a cert when looking for a job. Certs, at best, show that you were able to absorb some facts and pass a test – they do not indicate any ability to do a job. So your efforts should really be in getting that first professional gig – even if it’s not directly in security, but in something related like network ops, system ops, etc. And don’t be afraid to take short-term contract jobs. Really, anything that helps you build that post-education resume.
Of course, while you’re looking for work, there’s no harm in studying for a cert (or even getting a cert).
The one exception case I can think of is in very specific jobs at specific companies they may want you to have a specific cert. But those are so case-centric that it’s really hard to plan for that. You can take a look at some of the popular job sites where you live and see if there aren’t some common threads.