February 11, 2008
Please let me introduce myself to your readers. My name is Gabriele Biondo, and I am a 37 year old IT manager. I was born and raised in Florence, Italy, and I managed to work in several other countries. Nowadays, I am living and working here in the Netherlands. So far, so good *smile*
How did I become involved with IT? It's a lifetime passion: the only natural evolution from the Nintendos to the Macintosh, to Unix, and I was somehow lucky to follow such a strong passion. In fact, my whole life has been driven by this passion, starting with my education, environment and background. I found myself involved in this industry and job market even before I was able to realize what was happening.
I had a different introduction to the IT security world. I first encountered incident response while working in Italy as a system administrator for a university: a student used a workstation to menace and blackmail one of his teachers - who then reported the fact to the police. Needless to say, my team and I had to help the police force on a technical level, and... yep, that is how it all began.
Does a certification count? Nice question - I would argue that everything counts and helps, depending on who uses it. As for myself: I am an OPST (2003), a CISSP (2007), and I am now planning to take the CISM (due this year). Only by analyzing the intended audience of these titles, I should give a positive answer.
OPST is a professional certification focusing on penetration testing techniques, whereas CISSP is addressed to architects, mid-level managers, and security professionals. CISM is aimed to mid-to-high level security managers.
During the last several years, I have been working as system administrator, consultant, Storage Area Network manager, and now I cover a role as Capacity Manager. Certifications have had a real importance in my career, not only as milestones, but also as a compendium for my activity.
Studying for a professional certification is usually complex, and I strongly believe there is no single standard nor "best" study methodology. The difficulty of the exam and the way to prepare for it depend, of course, on the subjects, the type of exam (for instance, hands-on exams like OPST have different prerequisites compared to more theoretical exams), and other exogenous factors including your background, education, and personal attitude towards the subject.
As for myself, I take every exam as a project and a personal challenge giving myself the emotional strength to wake up earlier in the morning in order to study: that's pushing myself to succeed. To consider an exam as a project forces me to create a detailed study plan which I have to respect. For instance, I studied CISSP for three months, waking up 2 hours earlier every day (yep, weekends included), filling my rooms with sketches, papers, notes, etc.; actually nothing different from what I did at school, maybe a little a bit more structured.