Last week, our resident Penguatroll asked me about certifications in the IT industry. As far as certifications go, I’m pretty much in the middle of the road. Over the past several years, I have made no effort to get any, but I was also not in a position in which it was necessary. I see a few times in which it is definitely advisable to get certifications:
- You are not in the IT industry but want to break in, or have been out of IT for a while (Tony’s case). Certifications are not a 1:1 match for experience, but even something as simple as an A+ or Network+ certification can show some level of skill. It’s not the same as having an extra 3 years of experience, but compared to an equivalent candidate without those certifications, it’s an advantage.
- Your employer pays for training and tests (and, even better, gives you time to study and learn). This is a no-brainer. If your employer pushes you to get certifications, that’s a good thing to take advantage of.
- You’re consulting or prefer to do short-term contract work. This is similar to the first point, although the certs I’d be looking for would be more advanced: you’re a CCNA or MCSE (the new type). Again, these don’t prove that you really know what you’re doing, but they are pretty good signals: I would ceteris paribus trust a CISSP to answer network security problems over a non-CISSP. As the saying goes, the ceteri aren’t always paribi (in other words, there are plenty of well-qualified, excellent non-CISSPs in the world of security, and a lot of empty suits who are), but this still works as a good first step filter.
- You’re going for elite certifications. If you are a MCSM, that means something.
In almost all of these cases, the real benefit goes to the hiring manager, not the recipient of the certification. They’re the ones who need to look at 200 resumes for a single position and narrow it down to five, so having that signal there makes their job faster.
With all of that said, I’m looking to get a few certifications over the next several months as I try to start up a consulting firm. My primary goal is to become an MCSA by July. That involves taking three exams. Fortunately, one training guide has already been released and two more are coming out in the next month.
In addition to that, I won at Columbus Code Camp a few months of free training with Paul Paulito, leading up to getting my LIPC-1/Linux+/CLA. It’s not really anything that directly relates to what I do (I work on Microsoft SQL Server and its associated tools, after all), but this falls into the category of “the training is free, so take advantage of it.”
Finally, I’m going to eventually stop putting off my CEH certification. That’s another one of those introductory certs that is only tangentially related to me, but if I do ever move seriously into security, it’s a decent starting point.