HOPE 2022 Talk - Certifications The Good The Bad and The Ugly.pptx

tomkranz, 11 slides, Oct 08, 2024

About This Presentation



As hackers, we all have unique skills and abilities that are in huge demand globally. How can we demonstrate to non-technology people - HR and hiring managers - the value of the work we've done?

Increasingly, everyone is turning to certifications as a way to demonstrate their knowledge and sk...


Slide Content

Certifications: the good, the bad, and the ugly Tom Kranz, A new hope 2022

So, why listen to me? Over 30 years in the IT and security industry. Ran my own consultancy as well as working for Big4 and niche consultancies. Author of two books, with "Making Sense of Cybersecurity" published shortly. Spent a lot of time mentoring, training, hiring, and building security teams. LinkedIn: https://www.linkedin.com/in/tomkranz Mastodon: @[email protected] This rundown of certifications is based on what works in the real world.

Certifications: history, and why? IT and security are both still immature industries (compared to medicine, civil engineering, etc.). How do you know you're hiring someone who's any good? How can you differentiate your expertise from everyone else's? Certifications are used as a way of demonstrating a level of expertise with a technology or skillset. And then it all went a bit wrong...

And we’ve ended up with this

Cybersecurity career progression (chart: expertise plotted against depth of knowledge)

What makes a bad or good certification?
Bad: pay to play. Focus on tools rather than techniques. Any mention of "ethical hacking". Vendor-specific. Claims about post-certification salary increases.
Good: capstone to existing experience. Has a practical component to exams. Different certification levels to test both breadth and depth of expertise. Has an aspect of continuous training to ensure knowledge remains relevant.

The good: CompTIA Network+. CompTIA Security+. CCNA Security (Cisco Certified Network Associate). ISACA CISM (Certified Information Security Manager). OSCP (Offensive Security Certified Professional). (ISC)² CISSP (Certified Information Systems Security Professional).

The bad: CEH (Certified Ethical Hacker). In fact, anything from the EC-Council. Vendor certifications. Anything "pay to play". SABSA (Sherwood Applied Business Security Architecture).

The ugly: SANS. GISP (GIAC Information Security Professional), equivalent to CISSP. C3 from Concordia: https://www.concordia-h2020.eu/becoming-a-cybersecurity-consultant/ Degrees: look for GCHQ- and NSA-validated ones. CREST. Ruh-roh.

A warning about the future: the UK's Department for Digital, Culture, Media and Sport (DCMS, aka "The Ministry of Fun") set up the UK Cyber Security Council. The UK government started a consultation to look at: mandatory certification for all recognised cybersecurity roles, and a mandatory cybersecurity professional register. A poorly thought out plan by people not doing the job: it puts people in pigeonholes, making career progression difficult, and it doesn't recognise the reality that in any role we often wear multiple hats. Solving the "skills shortage" by gatekeeping and limiting opportunity: what could go wrong?

Questions?