- Listings
- Profiles From The Front Lines
- Does Certification Really Matter?
- GIAC Hero
- Business Card Logos
- Peter Giannoulis - Information Security Consultant, Access 2 Networks, GIAC Certified (PDF)
- Charles Hamby, GIAC Certified (PDF)
- Lori Homsher - Senior Manager, Advanced Technical Skills, GIAC Certified (PDF)
- Maarten Hartsuijker - Senior Manager, Advanced Technical Skills, GIAC Certified (PDF)
- Kevin Alford - Senior Manager, Advanced Technical Skills, GIAC Certified (PDF)
- An interview with David Fitzgerald - April 2, 2008
- An interview with Kevin McLaughlin - March 27, 2008
- An interview with Gabriele Biondo - February 11, 2008
- An interview with Fred Abell - December 7, 2007
- An interview with Geoffrey Poer - November 28, 2007
- An interview with John Strand - October 3, 2007
- An interview with Stephen Sims - October 2, 2007
- An interview with Jim Hendrick - October 2, 2007
- An interview with Seth Misenar - June 5, 2007
- An interview with Ronaldo Castro de Vasconcellos - April 30, 2007
- An interview with Dan Rathbun - April 30, 2007
- GSEC v. CISSP - March 19, 2007
- An interview with Matthew Romanek - December 6, 2006
- An interview with Andrew Hay - July 2, 2006
- An interview with Chris Cooper - May 3, 2006
- An interview with Leonard Ong - March 29, 2005
- An interview with Don Murdoch - December 3, 2004
- An interview with Brian Stafford - June 25, 2004
- An interview with the GIAC Advisory Board - June 1, 2004
- An interview with Peter Giannoulis - May 21, 2004
- An interview with Shabbir Bashir - May 12, 2004
- An interview with Craig Robertson - April 28, 2003
- An interview with Steven Drew - March 25, 2003
- An interview with Darrin Wassom - March 18, 2003
- An interview with Stephen Northcutt - January 2002
- 1. What prompted you to contact Does Certification Really Matter?
I really enjoyed the interview with Peter Giannoulis, a good friend of mine, and would like the opportunity to contribute my thoughts as well. I'm also a big proponent of certifications as a way to validate one's experience and knowledge.
- 2. How long have you been in the industry?
I have over 9 years experience in IT and am a frequent reference point for colleagues seeking information on 'the next certification'. I am also a technical trainer and solutions architect for Q1 Labs Inc and CEO of my own security consulting company, Koteas Corporation.
- 3. What certifications do you have?
I currently hold the following certifications:
- Check Point Certified Security Administrator (CCSA)
- Check Point Certified Security Expert (CCSE)
- Check Point Certified Security Expert Plus (CCSE+)
- Check Point Certified Security Expert NGX (CCSE-NGX)
- Cisco Certified Network Associate (CCNA)
- CompTIA Security+ (Security+)
- Red Hat Certified Technician (RHCT)
- Red Hat Certified Engineer (RHCE)
I've completed part 1 of the GIAC Intrusion Analyst (GCIA) and will complete part 2 by July 17th.
- 4. Wow, that is quite a list, which one did you take first and why?
My first certification was the Check Point Certified Security Administrator (CCSA). When I worked at Nokia Enterprise Solutions there were certain pre-requisite competencies to move from a contractor into a full time position. I worked quite hard during my first year to achieve not only the CCSA but also the CCSE, CCNA, and Security+ to differentiate myself from the other contractors looking to get hired full time. Within 8 months of my start date (and my new bag of certifications) I was hired on full time at Nokia.
- 5. Did it change your professional life in any way?
Definitely. While working at Nokia I found myself wanting to learn and experience more of what was going on in the industry. I decided, with two colleagues, to start a security consulting firm to assist government and enterprise customers during off-hours. The response was incredible and we landed several large customers that required work on an 'as needed' basis. Each customer was incredibly impressed with the technical competencies and related certifications that we held.
- 6. If you were advising someone just getting into Audit or Information
Security what you recommend in terms of training and certification?
"Security" isn't solely about having security knowledge. If you don't understand the basics, such as TCP/IP, routing, switch, or how operating systems work, then you won't be very successful in the industry. I would highly recommend some foundational certification tracks like the CCNA, Security+, SSCP, GSEC, etc. Ultimately, I find that the desired role dictates the training required (i.e. security manager vs. firewall administrator).
- 7. What about someone with ten years of experience that wants to jump-start their career?
The first thing I would suggest is to pick up a book. Not everyone in this industry has the money or the time to attend formal training and everyone can, and should, make time to read every now and then. The books listed on the SANS Recommended Reading list are some of the best out there and you should take advantage of other people's knowledge and experience.
- 8. For an experienced person in our industry is a certification or series of certifications more important than a master's degree?
I think it really depends on the person doing the hiring. I find that the "Baby Boomer" generation puts far too much emphasis on the importance of a 'degree'. I have been eliminated from certain competitions in the past simply because I did not hold a degree, regardless of how qualified I was. I think that certifications are starting to gain the recognition they deserve in the industry just as managers are starting to see the importance of validating one's competencies.
