|
Home > Archive > Security+ > November 2004 > Is Security+ worth getting?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Is Security+ worth getting?
|
|
| Redstar 2004-06-12, 6:58 pm |
| Or should I just go for CCNA?
(I am working on Network+ right now and then will get my MCP. Was then wondering if I should get CCNA or Sec+?) | |
| table1972 2004-06-13, 6:15 am |
| The CCNA is a foundation level Cisco routing and Switching certification, and the security+ is an entry level information security certification. Each theoretically qualifies you for a very different Job to the other.
The answer to your question totally depends on what your career objectives are.
If I were you I'd stick to a certification path that is most relevant to your 'hands-on' industrial experience. If you don't have any / much industrial experience, then in my opinion a college degree would definately be the best option. | |
| Tophat 2004-06-13, 5:01 pm |
| how is the security+ or ccna certification looked at in new zealand? Do they open doors or are they requirements for networking/security type positions? | |
| table1972 2004-06-13, 5:29 pm |
| It's hard to say. I'm from the UK originally, and am in the process of applying for residency over here. I've been a consultant in a few different countries around Europe for the last few years and I'm having a break in my career right now, and therefore haven't been looking for work here at all. I'll be doing another Masters degree shortly, and decided to do a couple of certs (between the fishing and skiing seasons) I've already done the CWNA, and will shortly be taking the security+. Both of which are related to the research I'll be doing as part of the masters. Sorry I couldn't be of more help. Every man and his dog seems to have a CCNA these days so it's not as desirable as it used to be. I'm assuming that you're from the US. How do employers look at the security+ cert over there? | |
| Tophat 2004-06-13, 6:34 pm |
| i have no idea how it is perceived here. I dont know anyone who has it or anyone who is going for it. from a security point of view, most of the people I know are going for the cissp or the giac certs, which would be like the ccnp in the cisco world.
good luck on the masters program and hope you catch a big fish... watch out for falling space rocks. | |
| Tekmazter 2004-06-14, 8:20 pm |
| Considering that I'm part of a US company which has an office in New Zealand, uh, CICSO holds water.
Just because an office is in NZ doesn't mean it should be looked at differently.
A lot of US companies operate there. | |
| Tophat 2004-06-14, 10:29 pm |
| i would love to know more about those companies. I am not sure how to get a job in the us and get shipped overseas. any suggestions | |
| razor0690 2004-06-14, 10:56 pm |
| Security+ is great to have especially if you going for you mcse it counts as an elective and an extra certificate to throw in the pile. Not to mention security is become on of the biggest issues with companys. It would so easy for someone to take over a company or steal info. People know to little and feel to safe behind the firewall that the pay an outside contractor to configure and they dont even know what ports to leave open or block. so i can say this is the exam of the future it may be the difference in the interview that is where the world is heading SECURITY.. | |
| Redstar 2004-06-15, 8:49 pm |
| Thanks for your answers | |
|
| Real Security certification = CISSP ... anything else is just fluff.
For me doing Sec+ was all about learning security to enable me to become a better network admin. However, Security as defined by Comptia is kind of like having sex with your sister - it just aint right. | |
| Tophat 2004-06-16, 10:45 am |
| i have not looked at the security+ exam syllabus, but I have been looking at the exam questions and discussions. From what I can tell, the security+ is more hands on then CISSP, which is more of a management/assessment certification. Rather then compare the security+ to the cissp, I think it may be better to compare it to the GIAC from sans, which is also vender neutral and hands on. | |
| table1972 2004-06-17, 6:45 am |
| Interesting opinion RussS. Security+ albeit not as in-depth as the CISSP covers several identical objectives, and is considered by many as a stepping stone towards the CISSP.
You mention that any security certification other than the CISSP is just 'fluff'. What about the industry recognised certifications from sans, Checkpoint or Cisco? | |
| geetus 2004-06-17, 2:05 pm |
| Currently I have A+, Net+, Security+, and MCP in win2k & win2k server. I just got the security+ & my new employer (very big on certs) was extremely interested in this certification. I think it helped me get a $5k\yr sign on bonus on top of what I'd already been told. So YES! It's a good versatile stand-alone cert. And besides, if you have network security experience, it's a pretty easy test. I am going to get my CCNA next, then continue on the MCSE track, taking 1 extra test in the midst of it all to earn the MCSA in the mean time. Sounds to me like you're on about the same path as I am, cert wise, and I'm doing great (not to toot my own horn, but this job I just got is freakin awesome). Anyone who says it's just fluff is full of it. Yes, CISSP is a very nice cert to have. So is a CCIE Security cert. Those are very tough and also expensive, and depend heavily on extensive experience. I'm 26 and I'm now making about $58k a year, partly thanks to the Security+ cert, so it's nothing to scoff at. | |
| table1972 2004-06-17, 5:31 pm |
| Thanks geetus! You've really given me some much needed extra motivation to study for this cert! The primary focus of this forum is to assist people involved in studying for security+ and I feel the last thing these people need to see are extremely negative comments the validity of the certification from somebody who obviously has no idea what they're talking about! | |
| Tophat 2004-06-17, 11:43 pm |
| thats good news about your bonus geetus. I am happy that you were able to secure a good job and have the security+ at least help in the process. Being an entry level cert, i think its on par with the ccna. It may not be very challenging or difficult for people who have the experience, but it still great learning experience for both novices and experts while pursuing the certification. I also think it will provide some necessary security knowledge that all engineers should possess. | |
|
| table1972
All security certs are great as the knowledge you learn is something that will very much aid you in the setting up and running of networks. However if one is looking at being a consultant or being a top security guru there is really only CISSP as far as I am concerned.
geetus
It's great that your employer recognised the effort you put into your study. It used to be that way a few years back with many certs, but since the current trend is to dump your way to certification many employers really consider most certs as rather devalued.
table1972
I hear your point about being negative about the Sec+ exam, however that is something Comptia has brung on themselves. To push the exam out in the wake of 9/11 hoping it to be a goldmine is in my opinion very irresponsible. The way they denied input from the acknowledged security experts into the questions and wording of the exam was possibly their biggest mistake.
The pure and simple fact is - as originally released the question pool was seriously flawed - there were questions with multiple correct answers and you had to guess which one Comptia wanted. There were questions that a friend who is CISSP tells me were virtually word for word out of one of his study books, but the sentences were mixed up slightly and in at least one case was a question with no fully correct answer. | |
| geetus 2004-06-18, 2:51 pm |
| That may be true, RussS, but not all employers follow trends like that. Obviously mine didn't. These certs, no matter what the 'trends' may be, are not worthless. They prove that you have a certain level of knowledge regarding a particular subject. And although most CompTia tests are regarded as 'entry-level', it's still an advantage over someone who may really know the stuff, but is not certified.
Tophat - I completely agree.
Table1972 - I'm glad I could offer a little inspiration. I wish you luck. | |
| table1972 2004-06-18, 11:23 pm |
| A security guru in my opinion is someone who has at least 10 years of highly technical industrial experience in security systems & architectures (design, implementaion, and support), or has achieved significant notoriaty in the area of systems penetration such as Kevin Mitnick for example. Not just someone that has a CISSP.
You mention Comptia pushing the Security+ exam out in the wake of 9/11 and hoping for it to be a goldmine, and that input from acknowledged security experts was denied. Are these statements based on fact (If so where do I find the information specifically relating to it?) or are they based on your opinion?
You also mention that many questions in the original exam contained more than one correct answer, and you had to guess which one Comptia wanted.
As far as technical certifications go I'd say that this is the norm not the exception.
Just look at the answers Cisco expects on the majourity of their exams and compare it to the relevant RFCs. Their Implementation of IPQos, BGP or MPLS being good examples. Sun, Nortel, and Planet3 are also guilty of this.
I do however concede that the security+ cert is supposed to be a vendor neutral certification, and if this was the case it was far from acceptable.
You also mention that there were some questions on the test that were virtually word for word the same as those that appeared in a CISSP study guide.
This not does not mean that these questions are invalid in any way, and just goes to show that the security+ cert has several identical objectives to the CISPP. | |
|
| Ummm - give TCat a yell and you will perhaps get an insite.
Kevin Mitnick?? Hmmmm - more of a celeb than a security guru. Rob Shimonski, Tcat Howser and many more would know a whole bunch more about the overall subject of security, while Mitnick really was one heck of a Social Engineer.
The comments I make are based on sound knowledge and observation. Unlike many in here I am not a youngster starting out, but an old guy who has been around the business world for a long time and decided to leave the stress behind and enjoy myself playing with my hobby. I have nothing to prove to anyone except myself and the reason I am so upset with InComptia is that I personally believed in Security+ and following it through the beta stages was of the opinion that every company should ensure that there network administrator took this exam.
Why? - because I had seen so many business networks that even me with my rudimentary skills could hack that I felt this was something that would really help. Unfortunately they have dropped the ball, and that pisses me off. It embarrasses me too as I had the local Learnkey people import Learnkey system on my assumption that this would really go off. Egg on my face I guess .... lol | |
| table1972 2004-06-19, 1:58 am |
| Fair enough. I've been involved in IT / datacomms for over 12 years, so am not a youngster either (relatively speaking)
Looks like we're just going to have to agree to disagree on certain things.
I'll give you shout for a job up in Hamilton when I get my CISSP/Security Guru-ship eh?
  | |
| Tophat 2004-06-19, 2:10 am |
| i think both of you miss the fact that its the person not the cert that makes someone a security guru. Yes, the cissp is a hard cert to get but certainly not impossible. I got it last month and am damm proud of that accomplishment, but it does not make me an expert in all types of security. The test also does not test hands on security, but more theoretical and managerial security. Telecommunication is only one of the 10 domains they test on. Even though i have the cissp, i am still considering the security+ exam and if not that one, the ethical hacker, giac, or ccsp which are all more hands on, down and dirty in the trenches exams.
i also want to provide this link for a negative perspective on all certification. I don not agree with this article but it shows there are others that do
http://www.cio.com/archive/061504/itwork.html | |
|
| Precisely Tophat. It is the knowledge earned while persuing these ceertifications that is really valuable and not the piece of paper in itself. | |
| table1972 2004-06-19, 5:42 am |
| Tophat
That's exactly what I was trying to say in my previous posting!! Experience is what really counts not certifications! (Ie CISSP Alone does not qualify you as a Security Guru!)
Cerifications may give you a little bit of an advantage when applying for a job especially if a few canditates have similar experience and all interviewed well, then a canditate that has relevant cert/s may well be chosen over one that doesn't (A tie breaker if you like). This is based on personal experience as I've been involved in assisting senior management interviewing many people (2nd/3rd line support roles) in several different companys in a few different countries. There's no doubt about it relevant Certifications impress management (most of them anyway).
Let's put it this way- Certifications aint gonna do your chances any harm. | |
| Tophat 2004-06-19, 5:07 pm |
| I agree that certs will not harm your chances and in most cases get your foot in the door or at least give you a leg up when getting a job. However I am not pursuing the certs to get a new job, I got my certs because it is the best way to show a client that you are qualified for a particular job. Since my reason for getting certified is a little different, I may have a different outlook on certs then others.
After 6 years with the same company, it is a little hard to pull wool over my employers eyes now. They pretty much know what I can do, and what I can not not, so certs would not really prove anything to them. However, perspective clients do not have the confidence (at first) that my boss may have, and to prove to them, we needed an independent third party to verify our skills in addition to our past performance. So in this area certs complement the past performance very well and allow potential clients to have confidence in our work. Naturally you will need a cert in the area of work you will be doing, but if security is the area, I think that the security+ exam would show clients that our staff have the ability necessary. | |
| Redstar 2004-06-20, 7:13 pm |
| quote:
Originally posted by geetus
Currently I have A+, Net+, Security+, and MCP in win2k & win2k server. I just got the security+ & my new employer (very big on certs) was extremely interested in this certification. I think it helped me get a $5k\yr sign on bonus on top of what I'd already been told. So YES! It's a good versatile stand-alone cert. And besides, if you have network security experience, it's a pretty easy test. I am going to get my CCNA next, then continue on the MCSE track, taking 1 extra test in the midst of it all to earn the MCSA in the mean time. Sounds to me like you're on about the same path as I am, cert wise, and I'm doing great (not to toot my own horn, but this job I just got is freakin awesome). Anyone who says it's just fluff is full of it. Yes, CISSP is a very nice cert to have. So is a CCIE Security cert. Those are very tough and also expensive, and depend heavily on extensive experience. I'm 26 and I'm now making about $58k a year, partly thanks to the Security+ cert, so it's nothing to scoff at.
Congrats and thanks for the info  It helps me out a lot on what too do! | |
| reffnerj 2004-06-26, 9:46 pm |
| Yeah I would totally agree with you. My employer flat out said that certs dont help you get raises here, but personally they would hire someone with a bachelors and certs on top of someone with a bachelors and no certs. So it might not neccesarily make you get a raise at work, but it will make you look alot better in an interview. | |
| Crito 2004-06-26, 11:08 pm |
| I guess that pretty much kills any chances Bill Gates, Michael Dell or Steve Jobs will find work, since none of them have a bachelors or any certs. LOL  More often than not all that matters is who you know or who you, uh... well, the last word applies more to Hollywood that Silicon Valley. | |
| reffnerj 2004-06-27, 2:01 pm |
| I'm not saying here are execptions to the rule, there are many brilliant and sucessful people with out formal education. If you look on the net for jobs one of the basic requirements is a bachelors. I would say a good 80% of all the postings I've seen require a bachelors. Knowing people in high places also helps. My company in particular require people with certain jobs to have their bachelors or complete it in a certain amount of time, or else they will get canned. | |
|
| Have you ever heard any of these guys speak? You can read a Bill Gates interview about his "way better stuff" here, in case you haven't: http://www.pcmag.com/article2/0,4149,1537410,00.asp
I assure you they're far from brilliant, just well connected.
Back to the topic of the thread though. I think Security+ is worth getting, obviously, as it's on my to-do list. Some companies place a greater emphasis on paper than performance, but those that do are either government contractors or soon to be bankrupt. If an employer doesn't care how hard you work or how much money you make/save them, just about the completion of certs and degrees, you're probably better off working somewhere else anyway. | |
| WindsorFox 2004-09-06, 2:20 am |
| I am going to be starting a course for MCSE the first of Oct. I know that if I hurry and get Security+ that it counts toward the MCSE, but what I'd like to know is if I wait and take the MCSE can I choose the CompTIA Security plus as an elective and end up with the Security+ certification at the same time as the MCSE?? I know I can study and pass that test in a week or so, should I go ahead and do that now before I start that possible year long venture toward my MCSE cert?
TIA | |
| WindsorFox 2004-09-06, 2:46 am |
| quote:
Originally posted by reffnerj
I'm not saying here are execptions to the rule, there are many brilliant and sucessful people with out formal education. If you look on the net for jobs one of the basic requirements is a bachelors. I would say a good 80% of all the postings I've seen require a bachelors. Knowing people in high places also helps. My company in particular require people with certain jobs to have their bachelors or complete it in a certain amount of time, or else they will get canned.
I know I'm the n00b here but I just have to sound off on this. I was passed over for a job for someone with a BS and no certs and 1 year of experience. I have 25 years in electronics the last 8 in networking, computers and alarms. Now they have a dilbert in a job that he can't do, but of course, he has a degree. Some employers need to wake up and realise that a degree means very little compared to many years of actual experience in many cases. | |
| walterbyrd 2004-11-09, 8:57 am |
| I have the sec+, and I'm studying for the CISSP.
From what I've seen, the security+ is almost entirely unrecognized. Go to dice.com and do a nationwide search on CISSP, then on Security+. CISSP will get you about 400 hits, Security+ will get you about 0 hits.
GIAC is the second most popular cert after CISSP. Although it is a distant second. A nation-wide dice search on GIAC and GSEC added together might get you 30 hits.
Other than CISSP and GIAC, everything else is essentially unrecognized. |
|
|
|
|