Why Certify: John Strand

Why Certify:

October 3, 2007


What attracted you to the Internet Security field?

Mainly the fact that I would never get bored. Many positions require you to eat, sleep, and live a particular OS, or an application. Security requires you to eat, sleep, and live all of them.

Can you share how the decision was made for you to obtain GIAC Certifications and the value of such certification?

My first certification was Hacker Techniques and Incident Response. When I looked at the other offerings at the time there was no competition. Looking back, it taught me exactly what I needed. "All killer, no filler." The amount of information was just astounding.

Many people are wondering if a Security Certification really makes a difference, do you feel this has helped your career?

I wish we lived in a world where things like certifications did not matter. However, looking at what it did for me personally to get certified, it was huge! It pushed me to a level where I would not have gone without "going for the test." So, from a personal development and career advancement perspective, I would be nowhere near where I am now without my certifications.

It is also now one of the things that recruiters look for. If you even want to get looked at for a mid-level or advanced position, you need them.

Does the GIAC certification help you respond to threats better, faster or more efficiently?

Without question. What SANS teaches, and what GIAC tests on, is real-world and hands on.

Do you feel these certifications have helped your company's overall direction and bottom line?

I have seen certifications have a significant impact to the bottom line of many companies, especially in the DoD/SCI areas. It is now a requirement that a significant portion of the people you bring to the contract have certifications. But, before we even had codified requirements, it was impacting many proposals, and contract wins.

Did you take any additional Security Certifications or will you attempt the GSE Certification?

The GSE is lingering, it will just be a matter of time till I go for it. As for additional certifications, I am planning on going for the GIAC Intrusion Analyst and GIAC forensics.

Are there any plans to require new hires to have or obtain Security Certifications as a condition for employment?

Absolutely, our customers require it.

What are your plans for personal development in the future? Where do you think you'll be two years... five years?

As of right now I am looking to writing a class for SANS, contributing to my website (www.john-strand.com) and eventually going for my law degree.