Do Credentials equal Credibility?

This is a debate I regularly get into with my team. Personally, I think that yes, credentials can bring credibility with an audience, or with a prospective employer. Let’s look at how this works:

C|EH (Certified Ethical Hacker). Anyone who has been in that area of work for a number of years will state that the C|EH is rubbish, and, of course, they are right. Having done the qualification, I can vouch for the fact that it is a tools-based approach to hacking, with a heavy slant towards using Windows as your attacking platform (which is wrong for so many reasons). It does, however, give you the basics, and teaches you about basic methodologies etc. So, you might ask, why do I say I am a C|EH, if I know it’s pointless? Simple. To a purist hacker, it’s a waste of time, but commercially it has value as it is recognised by clients and companies alike as the de facto standard for hacking. This difference in perception is a prime example of how a qualification can bring credibility with the audience you want. All of my team are C|EH, because, when I write a proposal for a client, I can say, all my team are “Certified Ethical Hackers”. They of course understand this and as a bonus, the first two words add a level of “comfort” to what sounds like a venture into the dark side!

Now, let’s look at another qualification, CISSP (“Certified Information Systems Security Professional”). This is about the best baseline security qualification in play today. It is very broad in its syllabus and well maintained through its CPE (“Continual Professional Education”) requirement. This qualification really does work on both sides of the fence. Clients like it and so do the professionals. What it doesn’t do is guarantee that the holder of the qualification is a deep specialist in a given area, but what it does very well is mandate a baseline of knowledge with real width in the subject of security.

Here are my views on how they pin together:

Some example credentials that mean something to your peers:

  • GIAC’s (Any of them!)
  • CITP
  • OSCP

Some example credentials that mean something to your clients or employers:

  • ITIL
  • PRINCE2
  • C|EH
  • CCNA

Some example credentials that mean something to everyone:

  • CISSP
  • CCNP

This is not the most exhaustive list, but it is a start. The underlying piece of advice here is: when you’re picking a credential to study for and invest in, think how it will add value to you and your situation, and see if there is a better option available. Knowledge can be learned for free; credentials have to be bought!
