The other day Daniel Dib (http://lostintransit.se) asked me an interview question. The question was about certifications. What do I think about them…. and are they losing their “value”.
Poor certifications. People question their value. Of course “value” typically means for many what can the cert “do” for you once you have it. People also get so judgemental of others for “collecting” them. And yes… when I was younger I was, admittedly, one of those people who looked down on people I viewed as “cert collectors”. Poor poor certifications. In every area certifications exist they can get a bad rep. IT industry, Scuba Diving, .. heck even in girl scouts when there was always that one girl who wanted to try to get every possible girl scout badge. 🙂
Why I Like Them and How I Use Them
In 2012 my view on certs changed. I realized I could use them to my advantage to help me organize my learning by making goals and signing up for certs. You see, back in 2010 I had bought a few books about Wireshark by Laura Chappel and told myself I would make the time to learn Wireshark better. I loved Wireshark and knew that my on the job learning of it was barely scraping at the surface of what it could do and how it could help me with troubleshooting. Two years later i still hadn’t made the time and I was still at the surface with Wireshark. That is when I noticed that one of the books (the over 700 pages one) happened to also be the “Official Wireshark Certified Network Analyst Study Guide”. Oooooo there was an exam I could take. I could make a plan and set goals… learn… and take the exam.
And it WORKED! I set a date… I planned the plan with work and life also in mind… and I executed the plan. I finally was able to really set aside the time and truly learn Wireshark at the level I was craving. Something I had been completely unable to do for 2 years prior to that. And wow wow wow…. what all I learned during that time frame I was studying for the test.
As some of you know… I’m a little … um… “A.D.D.”… ooooo look a pretty shiny squirrel. Oh crap… where was I? Oh right — Certifications: Why I Like Them, How I Use Them and My Plan for Security Learning
I think Certifications can be used to help make plans and goals for our personal learning. To give some of us who could benefit from a framework, goals, and planning that exact environment for our learning.
Which exams “should you take and when?” Well if you are using the exam date to help you set a framework and goals and plan for deep and rich learning…. and not about just the cert collecting.. then I’d say that order is important. Why? Because sometimes you need base knowledge to help you truly get a deeper and richer learning experience from the experience of studying for the cert.
Two Examples:
- PADI Peak Performance Buoyancy
- Wireshark Certified Network Analyst
I took the PADI class and exam after years of scuba diving and with over 100 dives logged. I took the Wireshark exam after years of very strong foundational knowledge of UDP, TCP, HTTP, 802.11.. etc. Just happened that way. Looking back I can see how timing was everything for these two exams. What I learned and what I got out of the experience was so much richer then if I had taken them to just “collect certs” without that strong foundation and base knowledge.
Begin with the end in mind. Why are you going for the cert? Cert collecting or learning? If it is learning… there may be a structured approach with steps and a sequence that might help. It’s about your learning… your plan… your goals.
So… we covered “Certifications: Why I Like Them and How I Use Them” now let’s dive into ….
My Plan for Security Learning
I am planning on using Security certs to help me plan and create a framework for my Security Learning.
Obviously while I say I’m “moving into Security” I’ve been in Networking for years now. So I do know a great deal about “basic network security”. But I feel I am lacking some of the foundational understanding of the Security Landscape. And I want that. I want to fill in the blanks and strengthen my foundational knowledge so I have a better base upon which my advanced security learning can grow.
Some people have asked me “Why not just use the CCIE Security exam?” To me, the learning plan/framework with the CCIE Security written as the only cert goal just feels so much different than a plan/framework with the CCNP Security stuff in there instead. I feel like if I did the CCIE Security exam as the plan/framework I would miss too much of the foundational part of the learning I would get with the CCNP exams.
I’m super excited about my big Security Journey…. I’m not in a rush. I want a strong foundation to build my advance learning on.
So what is my plan?
CCNP Security exams for sure as a start. The order won’t be straight forward. My plan is 300-206 first (exam date is December 19th). Next exam I plan to take will actually be 300-209 which has DMVPN and GETVPN and other things in it I’m already familar with. For 300-206 and 300-209 I think it is, for me, about filling in some blanks and brushing up. So my plan for studying for these is looking at exam topics and review. Plus I plan to go through the INE All Access Pass for these exams.
Both 300-208 and 300-210 will have more things on them that are newer to me and I will have to dig in a little deeper and work a little harder. So my plan for these will be sometime after CiscoLive Barcelona. My plan is to fill my CiscoLive Barcelona week with lots of Security learning that will also help me with there exams. After drinking from the firehose on varying topics…. then go back… knowledge in hand… and watch the INE videos for 300-208 and 300-210 to have them help me take all the knowledge and piece it together to help prep for the exam.
CCNP Security Exams –
300-206: SENSS Implementing Cisco Edge Network Security Solutions (SENSS)
300-208: SISAS Implementing Cisco Secure Access Solutions (SISAS)
300-209: SIMOS Implementing Cisco Secure Mobility Solutions (SIMOS)
300-210: SITCS Implementing Cisco Threat Control Solutions (SITCS)
Obviously Security is ever changing and growing. And I’m sure there will be more certs I will use as I try to setup plans and goals for learning still more. But for today… these are my steps. 🙂
Great article and precisely how I use Certification’s and their pathways to focus and structure my learning. 🙂
I’m definitely on a learning binge right now with security. And I really find I’m needing the cert goals to help me with my focus and structure. 🙂
A couple of vendor neutral things you might want to look at in the security realm:
-SANS does some great security classes & GIAC certifications, they cost a bit though.
https://www.sans.org/course/advanced-network-forensics-analysis
https://www.sans.org/course/continuous-monitoring-security-operations
https://www.sans.org/course/intrusion-detection-in-depth
-There are a ton of low cost infosec/hacker conventions. Shmoocon is coming up soon in DC; B-sides events held are all over the place.
-Most of the talks from the infosec/hacker conventions are freely archived at http://www.irongeek.com/
Yes… definitely also going to be exploring vendor neutral stuff as well. Which ones are you thinking of or suggesting? thanks.
Great Blog Fish!!! It made me think. Enjoyed it. Thanks
ROFL. You do know I know who you are right? Glad you liked it my dear friend. By the way, Keith, when are you finally going to guest write out here on some FirePower or AMP thing?
Nice! Exactly how I use them and plan to in the future!
Helps me tons! 🙂