Now with the CISSP in particular it makes sense, you need experience to logically perform the tasks of a CISSP, but I would not like this to be the case for other certifications. For me, when I pursue a certification, I am learning new things, not just confirming previously held knowledge. When I study for CCENT like I am currently, it is my first time working with Cisco products (excluding the requisite Linksys products). Like Lupin said, he has the knowledge and ability, he doesn't need the certification.
Do most employers even recognize Associate of ISC? I had to consider that when I was looking at SSCP.
"You're only smoke and mirrors..."
On the radio all you heard were 'get rich quick, become a systems engineer' commercials.
I have a MCSE in NT4 and 2000 from back then, but I stopped certs all together when my manager at the time who couldn't even tell you what dhcp is got his mcse from a bootcamp. He said they feed him the actual questions for 10 hours and then he would take the test over and over until he passed. With an instructor 'watching' if necessary. I spent 13 months on the NT4 one and 11 months on the 2000 one. I was pissed.
IMO, we need something like the CPA that accountants have. An exam you take ONCE, and then just maintain with CPE.
Another thing that got to me is at one time I have 4 high level certs and then I realized, how the hell am I going to re-certify? I would have to recertify 1 exam a year. That with work = stagnation and no life.
And lots of people try to get jobs that they aren't qualified for - its not just a problem in the IT field.
I only really got this Microsoft certification because it was a requirement for my Masters degree, I didn't get it out of an expectation that it would help me get a better job. The Microsoft certs don't have a good enough reputation to make it worth the effort you have to put in to getting one (your estimate of 20 tests was only a slight exaggeration, I think it takes about 8 or 9 tests to get a Server 2003 MCSE)
I think it's sad, a few bad apples in years gone by make it harder for those of us up and comming to get on a level playing field.
"You're only smoke and mirrors..."
I've met a few CISSP's in my runs around the security industry, and have thus decided NOT to get mine anytime soon based on the majority of their knowledge (there are some - mostly whom I have never met - who go against the grain, but so far those in Australia have not instilled much faith in me). Not necessarily pertinent to the thread, but I thought I should contribute a bit after the MCSE thing.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
- I don't understand how these people passed exams. I am currently studying for an MCSE. I am done with the networking part and am learning the Exchange 2003 server. It's time consuming, since I got a full time job and run a small computer business. Yes, there are a lot of exams, it's pretty crazy. Personally I can't wait to end this cert and go on with something in the security field.Lupin: " witness how the MCSE was devalued because of all the certification holders who couldn't even perform basic Windows admin tasks"
We all have jobs because of Microsoft, no matter if you administer a Windows environment, or do pentesting.
I am pretty sure it's not devalued, at least I hope it's not. I still see ads and some pretty good salaries out these for system engineers( 50k-55k with no experience to 65K with experience, certified, now that's not bad at all). Well, that's what they offer in S. Cali .
I think cheap employers and stupid HR people devalue it.