To Cert or Not Cert


As a professional in the cybersecurity realm, I take pride in always bettering myself through education. Most of the education I obtain involves additional certifications. Our field is an ever-changing mass of technology. Training helps keep us current in the latest (not necessarily greatest) technologies. Most IT training culminates with a test of knowledge and the awarding of a certificate. Many IT Certifications also require on-going training to maintain proficiency in your certification field.

Since entering the IT field later in my career-life, I noticed an on-going debate amongst cybersecurity professionals: to cert or not to cert. There seem to be those (like myself) that push the obtainment of a certificate(s). On the flip side, there are those that tend to lump certificates into the “not-needed” category. Mostly, the argument is “learn it yourself”. This is especially true among “hackers”. I say “hackers” because the term hacker is actually a misnomer, and can be its own topic. The bigger picture considers whether a certificate outweighs a degree program. Being a certified trainer in several of the large certification realms, I might tend to be a bit biased. But let’s clear the air for a second and give full disclosure.

I’m an ex-cop. Don’t hate me, I was “the man” for 20 years. I then entered the IT industry and wished I had done it a lot earlier. Regardless, I put myself back through college. The degree program at my local college also included the ability to obtain the Cisco Certified Network Administrator (CCNA) certification. With no basis on how IT companies did their hiring, I felt that my Bachelor’s Degree in Criminal Justice, along with an Associate Degree in Network Administration, would offer a leg-up on job hiring. Boy, was I wrong.

You see, most of the companies I started applying for didn’t care about my degree(s). They immediately zeroed in on my certification, and how current it was. That was the beginning of my education into the certification realm. “Certs” matter! As former President of the St. Louis chapter of (ISC)2, and current member officer, I see this every day. Most companies will list a litany of requirements for a position. To be honest, if they are using a shotgun-type list of requirements, they don’t really know what they are looking for. But they will often throw up the degree requirement, because they want people that will follow through.

Honestly, a degree is only as current as the last class you took before graduation. Those classes you took 3 years ago, that knowledge has started to age, especially in the tech world. But show up with certifications, and you are more marketable to a business. Why?

Certifications show a company that you have taken and passed an exam that is designed to test your knowledge in a specific area. Back when I took the CCNA, that was probably one of the hardest tests I had taken. One of my jobs required me to obtain the CEH, and my brain hurt after that one (it was a boot camp, and I was still fairly new to IT at that time). Then I took the CCNA-Security exam, and thought it wasn’t that bad…until I took the CCNP. As I progressed in my knowledge, the exams became harder. SSCP, CASP, and, finally, I took the leap and obtained my CISSP. That was, by far, the hardest exam I had ever taken.

But an employer knows that these certifications are meant to test your knowledge. The governing bodies of these various certifications ((ISC)2, EC-Council, CompTIA, SANS, Cisco, Microsoft, etc.) know they need to keep the exams relevant and current. They work with industry partners to see what the industry is looking for from applicants and change the exams accordingly.

Are there “cert-tigers”? Absolutely! The industry attempts to keep their certification material proprietary. Large banks of questions, changed every couple of years, help to keep cheating to a minimum. The bigger certification bodies, like (ISC)2 or CompTIA or SANS (among others), attempt to keep cheaters at a minimum. Does cheating occur? Oh yes! But those people will be flushed out if they make it through the interview process and land a job.

Does having a certificate guarantee you a job? No. But that certificate will definitely put you in a higher pay bracket. The last data I have seen showed a CISSP holder should be in the $105-$120k salary range in the St. Louis, MO area. That’s a significant jump in salary for some people.

The nay-sayers will say “train yourself”. “Look to Google”. “You don’t need a certification”. There are some positions out there that may not need a certification, as long as you can show the skills and talent. But, what if you want a Federal job? Or, a job affiliated with the Dept. of Defense? Then you WILL need a certificate in your job field. More and more employers are requiring certifications.

Alpine Security’s trainers work in the field they train in. Penetration testing, policy development, incident response, security auditing, forensics: we all have experience in those fields. Several of us have multiple certifications, obtained via hard work, discipline, and a passion to learn and better ourselves. Don’t discount obtaining a certification! That certification may land you the job or allow you to argue for a pay increase! Come take a look at what we offer for training. Hopefully, I’ll see you in a future class!

Author Bio

Norm Muelleman is a Sr. Cybersecurity Engineer and Trainer with Alpine Security. A retired 20-year veteran of law enforcement, he made the jump to the IT realm in 2010, initially as a Network Administrator, obtaining several prestigious certifications, such as CCNA, CCNA-Security, and CCNP. With his law enforcement background, he decided to move into cybersecurity, leveraging his networking skills into his new security skills. He holds multiple certificates, including the Certified Information Systems Security Professional (CISSP), System Security Certified Professional (SSCP), Certified Authorization Professional (CAP), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), CompTIA Advanced Security Practitioner (CASP), and the Certified Network Defender (CND). Norm has worked for various large corporations, and has traveled on behalf of the Dept. of Defense to Iraq and Afghanistan for the US Army and the United States Marine Corps.

In his spare time, Norm works with Toastmasters International to build his speaking and leadership skills. He obtained the Competent Communicator and Advanced Leader Bronze status. He was the former President of the St. Louis (ISC)2 chapter and has rejoined the chapter as Membership Officer. He loves working on classic cars, camping, fishing, and skydiving.