Post by cciedump on May 7, 2021 3:56:26 GMT -6
I meet a lot of people at work. Although my professional contacts are not as formal as before, most of the time I have to exchange business cards with others. I often get a business card with a long list of Title abbreviations after the name. For example, John Doe has CISSP, security +, CISA, giac, CEH certification, and about 10 titles I've never heard of.
My first thought is: this person has a lot of spare time. But before I make these unnecessary and wrong assumptions, let's take a closer look at the role of these security certifications and see if it's worth the time and money spent on them.
I've never liked these certifications for the following reasons: many of the smartest security personnel I know don't have any certification, and some of them only have titles that they can do. This makes me doubt the whole certification process. After all, certification is very important for people who want to be certified. At present, there are more than 60 kinds of manufacturer independent and neutral certification for you to choose from. How can you know exactly which one is useful for you?
However, many companies and personnel managers continue to believe that there is a direct link between certification and competence (actually not, but I will still discuss this topic). The fact is, authentication only works sometimes. Let's look at some useful scenarios.
Achieving specific goals
the value of certification lies in the goals you want to achieve. When you firstEnter the field of security, a certification that you have some vocational training experience, and a general understanding of the field. Except CISSP certification (because this requires 4 years of work experience), but other ordinary certification can also help you easily enter the technical field. Some HR managers filter out people who have no certification, so a certification will help you cross the threshold. cissp vs ccnp
A certification can also help you make personnel changes in the enterprise. For example, if you want to enter the audit field from the security field, you should have an audit certification (ISACA's CISA) to prove that you have a basic understanding of audit.
Certification may also help you get a raise. Some organizations even pay for certification, which means a return on investment.
Finally, for a management position, you should focus on the certification of management direction. For example, a certification of sans, giac security leader certification (GSLC). Without practical work experience, a certificate can sometimes help, but it depends on where it is.
Which one to choose?
If certificates can help you achieve your goals, then you should decide which is the best choice - security certification or audit certification? What are their advantages and disadvantages? Let's take a cursory look at some famous Certifications:
? CISSP: calling itself the "golden rule" (especially when you ask ics2). But considering brand recognition, CISSP certification is still valuableYes. Although its curriculum is very broad and can not explain the specific ability level, it is still developing. ? sans: sans organizations have at least 20 kinds of certification, most of which are based on the courses that sans has offered. Like CISSP, giac is a well-known and widely recognized certification line. Although sans has broadened its scope of certification (adding management certification and audit certification), it still focuses on technical capabilities. ISACA: international audit organization has its own certification system: information security audit certification (CISA) and information security management certification (CISM). For auditing, these certificates are well-known and we are concerned about them. For information security profession, the certification is not ideal. ? Security +: CompTIA provides an authentication called Security +, which is the leader of entry-level authentication. The course is very broad, focusing on basic skills, but it can also prove that students have a certain level of understanding. Please note that I am talking about knowledge, not necessary ability. ? Certified Ethical Hacker (CEH): CEH certification is a relatively new certification, and few people know about it. Although it is related to a bad word "hacker", I think penetration testing is one of the most important long-term technologies for a security expert, so this certification can be considered.
Remember, a certificate is just like anything else: it's a tool to help you go further in your career. If your career path is fromA point to B point, and no certification will make this road difficult, so please stick to it. However, please remember that nothing is omnipotent, practical experience is irreplaceable after all.
Therefore, instead of spending a week on cissp 덤프 pdf sans courses, it is better to conduct penetration tests for local religious institutions, and defend and protect them. Local schools, animal shelters, and nearby owners' associations may also need relevant help. Another way is to find a local apprenticeship through Issa or InfraGard.
All of these will give you practical work experience that future employers value. There are many places to learn and practice the skills required by the industry, some of which are even better than a certificate.