In early December I came across an article on GovInfosecurity.com predicting the top 5 certifications of 2012. Given that we are a few months into the year, I thought it’d be interesting to take a look back and see how they have fared so far. As usual, the topic of certifications brings up a lot of disagreement in the infosec community among those who value, condemn, or are indifferent towards them. Personally I think certifications are valuable for what they are, giving a possible indication of a person’s understanding of some minimum baseline set of knowledge; however, there are many other components to consider in assessing someone’s ability or planning your career path forward.
As a quick review, “Top 5 Certifications for 2012” recommended the following certs.
- Vendors (Cisco CCNA, Microsoft MCSE, & Check Point CCSE)
Additionally, they advised relevant vendor certifications, Security+ and the CEH for most entry-level positions that require less than two years of experience. The CISSP, CISM, and various GIAC credentials were more appropriate for mid-to-senior level positions demanding more mature training. Rounding out this set of “other” certifications were OSCP, CCSK, SSCP, and CRISC.
First, I must say bravo to the industry for finally recognizing some of the newer and more difficult certifications, specifically the OSCP; however, others just seem to be certification companies attempting to take advantage of today’s “fad” buzzwords (hey, even NIST may be vulnerable to this). Based on the first two and a half months of 2012, the CISSP and CEH seem to be trending well. I haven’t heard much about the CISM, but perhaps that is due to my particular focus. The GIAC set of certs as well as the Security+ seem to be on par with previous years, with one of GIAC’s being called for in more specialized fields and Security+ being that first step for many into infosec.
Something that I’ve believed for a long time is that getting into and/or progressing in infosec isn’t just about one thing – such as certifications. Yeah, certifications are good to get; however, they are only a small portion (maybe 10%) of what professionals should be focusing on. Those interested in pursuing an infosec career in the long term need to take a step back and look at the big picture to ensure they’re not putting all their eggs into one basket.
Are there any certifications missing from what was predicted? Assuming certs aren’t everything, what do you think makes up the other 90%? Let us know in the comments below. Today’s post pic is from InfosecInstitute.com.