To Be, or Not To Be — Certified? That Is the Question. Or, Is It? (ITSP Magazine)


I’m lucky. I get to fly all over the world and talk to security teams of all sizes. Regardless of the technology discussion at hand, the one question I seem to get asked the most is, “What certifications should I go get?” A close second is, “Are they worth it?”

I know people who are heavily certified, not certified and currently pursuing certifications. And guess what: All of them are really good at InfoSec. Lots of people were doing InfoSec before it was cool and just never had to prove they knew what they were talking about. For those who are new to the game, many of us having been in the cybersecurity field since the 90’s, and a handful of others have been doing this since even before then. Yes – InfoSec was a thing in the 70’s and 80’s.

I will frame this discussion for those of you who started your careers more recently, and who likely will have to enter your career through the front door, with the proper credentials.