October 3, 2007
- What attracted you to the Internet Security field?
Mainly the fact that I would never get bored. Many positions require you to eat, sleep, and live a particular OS, or an application. Security requires you to eat, sleep, and live all of them.
- Can you share how the decision was made for you to obtain GIAC Certifications and the value of such certification?
My first certification was Hacker Techniques and Incident Response. When I looked at the other offerings at the time there was no competition. Looking back, it taught me exactly what I needed. "All killer, no filler." The amount of information was just astounding.
- Many people are wondering if a Security Certification really makes a difference, do you feel this has helped your career?
I wish we lived in a world where things like certifications did not matter. However, looking at what it did for me personally to get certified, it was huge! It pushed me to a level where I would not have gone without "going for the test." So, from a personal development and career advancement perspective, I would be nowhere near where I am now without my certifications.
It is also now one of the things that recruiters look for. If you even want to get looked at for a mid-level or advanced position, you need them.
- Does the GIAC certification help you respond to threats better, faster or more efficiently?
Without question. What SANS teaches, and what GIAC tests on, is real-world and hands on.
- Do you feel these certifications have helped your company's overall direction and bottom line?
I have seen certifications have a significant impact to the bottom line of many companies, especially in the DoD/SCI areas. It is now a requirement that a significant portion of the people you bring to the contract have certifications. But, before we even had codified requirements, it was impacting many proposals, and contract wins.
- Did you take any additional Security Certifications or will you attempt the GSE Certification?
The GSE is lingering, it will just be a matter of time till I go for it. As for additional certifications, I am planning on going for the GIAC Intrusion Analyst and GIAC forensics.
- Are there any plans to require new hires to have or obtain Security Certifications as a condition for employment?
Absolutely, our customers require it.
- What are your plans for personal development in the future? Where do you think you'll be two years... five years?
As of right now I am looking to writing a class for SANS, contributing to my website (www.john-strand.com) and eventually going for my law degree.