Someone asked me “which IT Certification Should I Start With”. This is just my opinion backed by my own experience in the Information Technology career field. This is based on what I have seen.
Ok, I admit it. I have totally slacked off on getting that CEH certification. I’ve had the boot camp, I’ve amassed lots of great books and resources, I’ve even talked to some people who have passed it, but I still haven’t been consistent about studying. For a while I was pretty consistent. I read the Official Study Guide and started working on an Unofficial one.
Why don’t I have that cert yet? I suppose I just don’t feel I have a reason to have it. It would just be for show because I don’t really do pen testing. ’d like to, but in my job, I don’t usually have the opportunity to do it or reason to do it. I’ve already got the CISSP so I don’t need the CEH for some kind of prestige. Many hackers piss on certifications they are not impressed with them and are willing hurt anyone who flashes the credentials. The CISSP trumps most certification. The only real benefit for me getting it is that it would force me to get more familiar with tools like netcat and Snort which I don’t use enough. I am interested in cyber kung fu. Lately, I have been more drawn to the scientific and mathematical side of technology.. the side where the innovation are born, not just mastered. I’ve been sharpening up my math skills and plan on getting into Computer Science, Electrical Engineering or physics.
I haven’t decided whether I want to take the CEH because I want to do something that has more depth. I suppose I could complete the CEH, go through Computer Science and specialize in security/crypto/info assurance and follow in the foot steps of Bruce Schneier and Steve Gibson. In the beginning, certifications were definitely a step up, but I’m in a place now where they are just ornaments, flashy bobbles I could decorate my name with when I need an ego boost. If my wife and kids are giving me lip I can say, “don’t you know I am a CISSP, A+, B, C, D, E, F, G. You MUST respect my awesome test taking ability!”
I’ve said it before, I think certifications can be of great value. If you work for the Department of Defense in IT you pretty much MUST have one (per DoD 8570). Certifications can give you that extra edge against competing employees in the private sector. Problem arise when the IT certifications value is taken out of context. Like the 8570 which makes it mandatory to have a certain certification regardless of your experience and/or degrees. That is a bit much. Not everyone who passes the CISSP can configure a firewall properly. But perhaps thats the reason the DoD wants system specific certification.