On Tue, Apr 6, 2010 at 10:30 AM, Alan Johnson <a...@datdec.com> wrote: > What we are trying to figure out is if we > should included any certifications in either the "required" or "desired" > qualifications.
Some of this depends on what the job duties will really entail. That is, whether the "IT Security Officer" going to be more about managing people and workloads than actually vetting the technical aspects of security. You emphasize production systems; in that case, I presume more technical stuff. Tech certs are, of course, more applicable for tech stuff. Some will depend on the nature of the employer/supervisor. Some places really like certifications and such; others are almost hostile to them; most are in-between. The DoD is now requiring all staff who work in an Information Assurance role to maintain security certifications. That includes staff of commercial contractors. I have yet to see tests or courseware, but looking at the brochureware, the GIAC/SANS and ISC^2 certifications describe what look like good programs, once you get beyond the fundamental levels. Personally, while I place relatively little value on fancy pieces of paper, I don't think they're worthless, either. Certifications are commonly used as part of a resume screening process. If you get 1000 applications, narrowing the field is difficult. So require a certification, and you at least filter out the people who spam every tech job they see. Full disclosure: I have no college degree and no major certifications. [However, on several occasions, I've been told I'm "certifiable". ;-) ] -- Ben _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/