Can you say more about why you recommend not pursuing formal certificates? Does that include even the “best” ones, e.g. from SANS? I’ve been recommending people go for them, because they (presumably) provide a guided way to learn lots of relevant skills, and are a useful proof of skill to prospective employers, even though of course the actual technical and analytic skills are ultimately what matter.
It is simply that the certificates that I happen to know about have poor tests that do not actually signal ability to estimate security. I do not know much about the certifications from SANS except that the training is indeed quite broad. According to their website, the test for the GICSP certification consists of 115 questions (I assume multiple choice) of which 70% have to be correct in order to get the certification. Depending on how the answers relate to points, I guess that I could get the certification with a couple of tries and little actual knowledge. Almost everyone of my colleagues had a G**** certification and I am not too impressed by their abilities. Therefore, I assume that it is rarely useful to pursue a certification if you can self-teach instead (or have a very good mentor/teacher at hand).
Can you say more about why you recommend not pursuing formal certificates? Does that include even the “best” ones, e.g. from SANS? I’ve been recommending people go for them, because they (presumably) provide a guided way to learn lots of relevant skills, and are a useful proof of skill to prospective employers, even though of course the actual technical and analytic skills are ultimately what matter.
It is simply that the certificates that I happen to know about have poor tests that do not actually signal ability to estimate security. I do not know much about the certifications from SANS except that the training is indeed quite broad.
According to their website, the test for the GICSP certification consists of 115 questions (I assume multiple choice) of which 70% have to be correct in order to get the certification. Depending on how the answers relate to points, I guess that I could get the certification with a couple of tries and little actual knowledge.
Almost everyone of my colleagues had a G**** certification and I am not too impressed by their abilities. Therefore, I assume that it is rarely useful to pursue a certification if you can self-teach instead (or have a very good mentor/teacher at hand).
Interesting, thanks.