IT Certs

[Sky]

So a local college just got a grant for a hojillion dollars (1.6M, iirc) to give out in the neighborhood of 2500 Cert training courses. Unclear on if they'll offer the testing at this point, I just got off the phone with the rep over there. I got all excited because they mentioned in the email MCITP and CCENT, both of which I'd like, especially given the goddamned funding problems hitting libraries (open your paper, your library was probably cut and in trouble). Bzzt, they are having trouble finding a teacher and aren't sure it's in the budget. Few pro level students have contacted them, so we're going to try and push for both. Right now they're looking at comp tia stuff via sybex, A+ and Security+. Before I worked at the library I was looking into A+ and it seemed really outdated for the time (1999), focused on a ton of minutiae that is more or less irrelevant to daily IT work (memorizing BIOS codes or something).

So a couple questions to the certed folks here.

If you had to choose between the MCITP and CCENT, which would you prefer and why?

Is the A+ good now? Security+?

The training is free, and it looks like I need to bulk up the resume, so I'm going to take everything they're going to offer and be a generally bug up their butt for the next three years of the grant. I'm just wondering where to focus my initial energy, since the first things I tackle will probably be what I lean on for a job search next winter when the government decides to do away with library funding.

[Hawkbit]

I've been out of the industry for 10 years, so take this with a grain of salt.

I did my A+ in 99 and it was basically a computer primer.  It always supports outdated o/s and is really just for establishing a baseline knowledge for technical support.  I was in the middle of working on my Network+ and  MSCE/MCP when I said fuck it all, and the MCSE/MCP is kinda like the MCITP now.  It's a good, rounded plan for getting your foot in the door for a networking position.  You will be expected to continue educating while working if you get a job with that tech degree.  Cisco certifcation were not for the faint of heart and our company would not offer paying for them unless we had A+, Network+, MCP and MCSE under our belt.  

My two friends that have worked their way up the ranks through all that crap and finished their CNAs (CCENT) are making between $60-75 right now, neither has a college degree more than an associates.  One has to work in very, very hazardous conditions though (medical testing lab with Anthrax and other biological agents).  So be prepared for some odd jobs sometimes.  

The basic path 10 years ago was Comptia (A+, Network+) ---> Microsoft (MCP, MCSE) ---> Cisco (CNA).  I would be surprised if it has changed drastically.  

Good luck on getting the funding.  As long as they can get you all the way to where you want to be, it will be worth it.  I'd be concerned about them pulling funding halfway through your coursework, imo.  The way things are funded these days.... everything in two year cycles.  

EDIT: Changed CNE to CNA. 

[Yegolev]

Besides what Hakwbit posted, which I agree with, I would only suggest that you read on the material the cert covers and determine if that is what you want to do.  I'm looking at certs again after ten years as well, but it's more mid to high range stuff, although I'm planning on blowing through a three-pack of intro Linux classes this year.  I read class summaries and decided if it was something I was going to be bored with or not.  For getting certs, though, I'm hoping to simply read some books and take practice tests.  My actual class choices are based on what my boss says I need to do (other than "get certified") as well as current gaps in my education as far as what I am supporting.  Basically I chose Baby Linux, Advanced Power Virtualization and HACMP (which has a new name of course).  My fourth pick is actually to attend the IBM conference in Miami, for which I need to print business cards for beforehand.

[fuser]

The basic path 10 years ago was Comptia (A+, Network+) ---> Microsoft (MCP, MCSE) ---> Cisco (CNE).  I would be surprised if it has changed drastically. 

That's actually a useless Novel cert I have go figure. Think you mean CCNA or CCIE.

If you had to choose between the MCITP and CCENT, which would you prefer and why?

Is the A+ good now? Security+?

MCITP, everyone has some sort of Microsoft equipment. Not everyone runs Cisco, you see more random devices in SMB.

At the time(98/99) I had some certs offered to me A+ was the starting point but as you mentioned it was extremely old for the time and they were just starting to transition away from a lot of old tech. I didn't take it because coming into the position I was already CNE certified and thought it would be a waste of money and asked for funding for CCNA instead. This never happened so get whatever you can. Take as much as you can but leave the A+ to last try to do Security+, Linux+, Network+. Certs for virtualization Yegolev mentioned would be a really great to get as its where the market is heading for everything.

If there's a cert I'd really like to get is the RHCE Linux cert as its really broad and transfer well to any distribution.

[Morat20]

The whole cert thing always makes me feel a bit lazy, or out of touch, or something.

I have like zilch. I can't see how relevent they are to my job, but can't help but wonder if I'm missing some obvious ones that would make my resume look a heck of a lot better for my job. (I do development work, though -- master's and years of experience, but no certs of any sort).

[bhodi]

I'm going to just cut/paste bits from from the SA megathread OP.

For the record, I've got a Redhat RHCE, CCNA (lapsed), and a slew of Bea Weblogic shit which I strive to never use in my life again because weblogic administration fucking sucks. All of them have been sponsored through companies I have worked for. I don't really need them to find work, as my career is solidly in the "nepotism" stage at this point and most of my interviews have been a formality or non-technical personality checks.

I am not especially fond of A+/Network+ stuff, since you can feel someone out for that knowledge in a 30 minute interview, and finding someone who understands troubleshooting and has a compatible personality is way more important than if he can memorize a netmask table or IRQs (do they even make you memorize IRQs anymore? Probably not), but I can see having buzzwords that getting past the HR resume shredder is important.

So, you just got out of college and you want to get into IT. In this market. Pardon the rest of us jaded veterans as we simultaneously laugh at your enthusiasm and pity you for entering this market. Sadly, college doesn't mean anything in the computer janitor field. Generally speaking, there are three things that you need for the interview process:

 Certifications to get in the door.
 Experience to not make a fool out of yourself in the technical part of the interview.
 Nepotism to actually get hired.

The focus in this thread is, obviously, the first.

Now, let's get one thing out of the way: a pile of certs does not a guru make. Certs are a tool used by the HR manager to plow through thousands of resumes. This whittles the field down to a manageable number of candidates for the overworked and understaffed manager to interview. Once you get to the technical interview, you will be grilled on things that are important to that organization, not CCNA exam materials. You could be in the field for 25 years and whiteboard Google's LAN from memory and it still won't mean anything to HR. Although people with 25 years of experience mostly skip right to "nepotism," it's just an example.

Get used to examples that ignore the real world - this thread is about certifications.

-----------

CompTIA
Get your A+ if you're going into tech support or helpdesk or what have you. I haven't seen a lot of demand for the other ones; the Security+ and Network+ are better served by Cisco certs.

Harry Totterbottom disagrees with me slightly:

Harry Totterbottom posted:
Security+ is actually viable for trying to get your feet into an entry level network security gig.

[...]

Also the A+ is a joke if you've been in the field for any real length of time, however there are a few consulting companies that will want you to have it to maintain whatever BS marketing they're shoving down their customers throats. That said, I walked in and knocked out both the 220-601 & 220-602 without any preparation in under an hour.

Others
There are many other application-specific certifications around. Citrix and VMware are probably the biggest app certs around. If you're going to be working extensively with a technology, it behooves you to con your employer into paying for a certification for it.

Oh God How Do I Take An Exam
Short answer: Go to a licensed VUE or Prometric site, pay them a few hundred dollars, take test. The tests are downloaded from central servers shortly before you take it, so you may not REALLY need an appointment, but they'll be much nicer to you if you have one.

Long answer: Most IT education companies have Prometric/VUE centers on-site, and if you're taking a boot camp you can usually go straight into the exam on the last day of class. The test-taking experience generally involves being led without any personal belongings into a room full of WinXP boxes, sat down in front of one with a small dry-erase board and a marker, and the test software takes it from there. You'll have a time limit and usually a questions-remaining ticker. Time management is the most important part of any IT exam. Once that's done, the test results will be displayed and sent to the test proctor, who will escort you out of the room and then try to hard sell you on taking more classes.

If the machine crashes during the test, start praying. Alert the proctor immediately so they can stop the clock if necessary. The first thing they'll try to do is recover your test so you can resume where you left off. If they can't recover it, they'll tell you to make an appointment to re-take the exam with a complementary voucher. If the crash results in the machine thinking you hit NEXT NEXT NEXT FINISH until the test was over or time ran out... it's your word against theirs and you're probably out a few hundred bucks. Dem's the breaks.

I would personally pass on the A+. Virtualization is definitely where the market is headed and is a rapidly growing market, but since you're going VMware for that (You are going VMware, they are the only game in town) all their stuff is structured for company sponsorship (read: expensive). SANs, enterprise storage, blade systems are growing along with it. Sadly, not really something you can 'break into' without a stepping stone elsewhere. I have no idea how to break into the market beyond a CCNA, I just wouldn't go the microsoft route. Things aren't looking good for them and their bewildering array of cross-linked certifications.

Is there an overall list of the classes? I think we could probably pick stuff for you and suggest better if we had the full list.

Morat, as much as I personally loathe Oracle for a variety of reasons, they are it for "high paying" and, as a database guy / from what I've gathered here, getting the 11i cert stuff would be extremely desirable for you and once you have it and a modicum of schema skills, you can pretty much name your price. Good DBAs are in demand, DBAs that can design schema are a rare and highly desired species. Probably because it slowly drives you insane. DBAs burn out quickly and with extreme regularity.

[Kitsune]

A+ is something of a joke certification at this point.  It's a bad sign when a friend in charge of her IT department called me about an applicant's resume to tell me, "At least he has his A+!", and we both laughed.

Which certifications you go for depends heavily on exactly what you want to do.  Cisco certs are for people who want to be working on network infrastructure that uses, duh, Cisco equipment.  Most companies don't have sufficient infrastructure needs to support a full-time Cisco tech, so you'd either have to freelance to support lots of smaller companies, or work for someone really big.  But if you do get such a position, it tends to pay very nicely.

Microsoft server certs are a lot more flexible in the jobs you can land, but there's more competition in the field.  Even relatively small companies can need a full-time network admin, though they may not be able to pay very well.  If you do go for that, I'd strongly recommend that in addition to the server certs, you grab the desktop certs.  They're easy, they only require a couple of exams to acquire, and can give your resume a tangible leg up over someone who only has server admin certification.

[Hawkbit]

That's actually a useless Novel cert I have go figure. Think you mean CCNA or CCIE.

Yes, you're correct - I meant CNA.  Sorry, and Thanks!

[Yegolev]

I have like zilch. I can't see how relevent they are to my job, but can't help but wonder if I'm missing some obvious ones that would make my resume look a heck of a lot better for my job. (I do development work, though -- master's and years of experience, but no certs of any sort).

I don't know if you really really need certs if you are programming, but if someone can sell a cert in something, they will.  It's more important to (the bosses of) people who fix things, since it's some assurance that you actually know how to fix the thing you are working on.  I'd suspect this is why an Oracle cert would mean something.

Everything is indeed becoming virtualized.  I work on fewer and fewer real things all the time.  Won't matter the general platform, just getting something in it will be a great idea.

[Sky]

A+ is something of a joke certification at this point.  It's a bad sign when a friend in charge of her IT department called me about an applicant's resume to tell me, "At least he has his A+!", and we both laughed.

After looking over prep books in 99 when I was originally trying to get my career going, even then I could see it was extremely limited and not really necessary. "Why woud I memorize something I can look up?" Then the person who was in the running for this job with me said on her resume that she was 'working on' her A+. When asked in the interview about that, I told them why I wasn't. I guess that won some points.

I'm not sure where I'm heading career-wise at this point. 10 years of pretty low level admin has given me some great troubleshooting skills in a limited field, and I haven't had much chance to push anything higher level. At 40, I'm starting to think about possibly a management path. Having little programming beyond some basic scripting (and html lolz) kinda hinders me from any development paths. Otherwise, I'm probably looking at moving up the networking chain.

The last decent opening I saw that I was close to being qualified for was for Dep't of Homeland Security 

[Morat20]

Morat, as much as I personally loathe Oracle for a variety of reasons, they are it for "high paying" and, as a database guy / from what I've gathered here, getting the 11i cert stuff would be extremely desirable for you and once you have it and a modicum of schema skills, you can pretty much name your price. Good DBAs are in demand, DBAs that can design schema are a rare and highly desired species. Probably because it slowly drives you insane. DBAs burn out quickly and with extreme regularity.

DBA work is not for me. I mean, I can whip up a decent schema and can tell you what normal form something is in, and slap a programmer's hands when they try to design a DB layout built around "What makes for easy queries for me" and not "What actually makes sense as a way to store the data, and oh possibly expand it down the line".

But if you're asking me things like "Can you prove converting from Schema A to B is lossless and all that" I'll just scream and run away.

And I have no clue about the backend shit -- how often to do backups, security patching, fail-over setups, replication. I could probably puzzle it out....

[bhodi]

So what you're basically saying is that you have the hard part down but no idea about the easy parts. :)

[Arthur_Parker]

I'm not sure where I'm heading career-wise at this point. 10 years of pretty low level admin has given me some great troubleshooting skills in a limited field, and I haven't had much chance to push anything higher level. At 40, I'm starting to think about possibly a management path. Having little programming beyond some basic scripting (and html lolz) kinda hinders me from any development paths. Otherwise, I'm probably looking at moving up the networking chain.

If you have a powerful pc you can setup a pretty realistic virtual network.  Pretty much everything has 180 day trails nowadays if licenses are an issue, even with basic scripting and automating installs you could automate it to refresh itself every couple of months.  After getting a few servers up, I'd just add stuff on top to see what interests you, new areas are opening up all the time for which certificates don't exist and getting in first with a new release of something major really helps and stands way out on a CV.  Tracking down the blogs of the new product developers is pretty much a must as the initial documentation will be crap.

Most of the new to the field guys I've seen interviewed think a cert means something, even experienced people I've worked with for years who know experience is all that counts, happily apply for jobs while not having any exposure to what they will be supporting/implementing.  It's crazy, I've been sent on numerous courses costing thousands of pounds a day and always learn more at home just trying to get the stupid thing to work, because the people teaching the courses, teach courses for a living.

Due to the way things go at my place, I'm currently applying for my own job, if I don't get it I'll end up still employed but doing something new, if I'm successful I get a pay rise, currently in two minds about which I'd prefer.  A few others have gone for the same job but it's such a specialised field that "management" had to ask me to write the technical questionnaire.  The chances that any of these other people will have a working rig at home?  Zero.  Because it's a complete pain in the arse to do.

[Yegolev]

And I have no clue about the backend shit -- how often to do backups, security patching, fail-over setups, replication. I could probably puzzle it out....

As far as I can tell, no DBA does.

[Chimpy]

As someone who took the 2009 Network+ exam, stay the fuck away from CompTIA certs. They changed them to a yearly re-cert (at no discount so 300 bucks a year) from a never expire to gain "legitimacy" (and make more money) and the tests are really just general stuff. As someone who had about 8 months of on the job learning and a self study guide as my only exposure to the content, I passed the test easily. No reason at all for someone to take a prep-class for it imo.

The MCITP enterprise admin regimen actually gives you a cert that contains everything the Network+ exam does so I would go that route. Besides, the Microsoft certs seem to have a lot more cred (I see a lot of requests for MCSA/MCSE/MCITP on skills needed sections of job postings).

[Murgos]

The only cert I hear about from people actually doing high level (highly paid) IT work (defense contractors, DoD, major labs and similar) and wanting to get something more is I think the CISSP?

The issue with it seems to be that you have to apprentice for 5 years under someone who has it already?  Anyway, if you want a long term goal that seems like the one to shoot for from an overall hire ability point of view.

TL:DR; I am not in IT and have no idea what I am talking about.

[Sky]

CISSP or CCISP? They've mentioned offering the CCISP, but when I talked to the lady on the phone she was mostly talking about the CompTIA stuff and I was pushing for the other stuff. I left it as 'I'll add you to the professional email list' and give them a week to get their shit together.

Next week I begin the campaign of pestering the shit out of them.

[bhodi]

CISSP is a serious-business security cert. It's hard to get, since not only are the tests tough but you need a sponsor who currently has one.

I was in heavy study for one before I decided you know what, computer security is almost as retarded as game development and I don't want to spend the rest of my life explaining fruitlessly to the weakest link in the security chain (the human element) that they are the weakest link in the security chain. It's kind of like arguing with a pig.

[KallDrexx]

Everyone I know who works (or has worked for) IT security hates their job and wants to change directions.

[Lantyssa]

I was in heavy study for one before I decided you know what, computer security is almost as retarded as game development and I don't want to spend the rest of my life explaining fruitlessly to the weakest link in the security chain (the human element) that they are the weakest link in the security chain. It's kind of like arguing with a pig.

It's bad on both ends.  You have to explain to people they are the weakest link, but you also have to explain to the other security people that humans have to use the system.

[Sky]

That's why ideally I'd like to just go into management. 

[Zetor]

You can do CISA instead of CISSP -- the requirements aren't as strict, and the test itself is easier. On the flipside, it's considered less "techy" and more "manager-y". CISM is worse. :p

Almost everyone at my company has CISA, and about half of the people have CISSP (the ones that have been working here for 5 years anyway), but we're a security research lab; it's pretty much mandatory for us. I don't think these certs are too important otherwise, unless you want to be 'the security guy' at your company.

[disclaimer: I have nfi how these certs are ranked in the big-company world]

edit: I personally love my job, and so do most of my colleagues. However, we don't really do "IT security" in the sense of configuring firewalls and stuff; instead we do hardware/software auditing, which can be a lot more fun... at least IMO. It's always more fun trying to poke holes in someone else's work than doing your own! 

[bhodi]

It's not, he's lying to you, hardware/software auditing is spreadsheet & paperwork hell. You can tell because the word "Auditing" is in there.

Though I could be wrong, depending on what/how he has to audit shit, but it's likely the "fun" part of the job is called penetration testing, in which you install and run a program that pokes and prods at the box (completely hands off) and then delivers a 30 page report explaining how patch levels are off and how it's vulnerable to CVE advisory X Y Z. His job likely consists largely of explaining these auto-generated reports to others. :)

[Zetor]

Nah, we typically do source code analysis and fuzz testing (with our own tool, which is not fully automated)... we try to find new vulns in unreleased prototypes instead of finding CVE-xyz in an existing system. we also participate in some EU research projects and OWASP operations. We do some threat modelling during audit projects as well, but that isn't too much drudgery, at least imo. But I've been known to be insane.  

e: auditing mobile phones and set top boxes isn't too formulaic either, at least in my experience...

[Yegolev]

That's why ideally I'd like to just go into management. 

This is easy enough.  Get a job and perform poorly, but don't cost the company money via Horrible Mistakes.  Also go to lots of meetings and have opinions about everything.  You'll be noticed by those who matter.

[Sky]

Looks like it's Security+ or nothing at this point. There is some talk about the CISSP, but it's vague and I'm not sure how well-managed the program is. The Security + will all be free, so it's no big downer to get, but I wish I knew what the deal was with CISSP as I'd like to hold out for that. I meet in person next week to hand over my info and get my free lewtz, I might push them for a slot in this nascent CISSP instead....

The problem is, if you take one you're done as far as the grant is concerned. I told him I want the S+ and then whatever else I could get. They're trying to lobby the Dep't of Labor (hah), so I'm not optimistic on that. I'm pushing for at least a discount off prep and test for any further certs offered, whoever wrote the grant was pretty clueless, apparently.

The official word is that there will be no Cisco or MS certs offered (*nix never even being mentioned until I asked) 

[Ironwood]

This is easy enough.  Get a job and perform poorly, but don't cost the company money via Horrible Mistakes.  Also go to lots of meetings and have opinions about everything.  You'll be noticed by those who matter.

Oh, what the fuck ?  Between this and the Useless Conversation thread, I'm seriously starting to worry about some of you.

[Salamok]

I wish I knew what the deal was with CISSP as I'd like to hold out for that. I meet in person next week to hand over my info and get my free lewtz, I might push them for a slot in this nascent CISSP instead....

Isn't the main requirement of CISSP a 5 year apprenticeship under someone who already has it?

This is easy enough.  Get a job and perform poorly, but don't cost the company money via Horrible Mistakes.  Also go to lots of meetings and have opinions about everything.  You'll be noticed by those who matter.

The IT head honchos where I am are the exact opposite, they express opinions on nothing and as such don't leave themselves vulnerable to being wrong.  The main skill seems to be "Active Listening".

[Sky]

The CISSP requirements are still enforced, but you can get a lesser cert that you can convert into the full CISSP if you then use the lesser cert to get the experience required for full cert. The program is intended for folks already meeting the criteria, though. We have several schools and some DoD folks in the area. I could probably finangle my way in IF they offer it, but it would be a bitch since I'm not really doing that for a living right now (even though it's where I'd probably go if the library dissolves in two years).

The Security+ needs to be renewed every three years if your initial cert is after Jan 1, 2011. Alternately you can pay a yearly maintenance fee  Used to be ten years.

One thing the guy I'm talking to on the phone said was interesting. He said he's excited to do supervisory stints for each class. Apparently there is a lot of supervision written into the grant...and the supervisor basically gets the prep class gratis because he's sitting in. Then he said how swamped they are and how small the department it. I plan on broaching that subject further with my contact when I talk to her in person, after I grab the low-hanging fruit I might be able to get into the staff (part-time) and pick up another cert or three for the cost of the test over the next three years. That would be a total bitch, but facing the first cliff of my career kinda makes it an attractive idea nonetheless..

[Ingmar]

So for the first time in years, they're actually making us do objectives and performance reviews, and one of the things I'm supposed to come up with is a 'professional development' one. Leaning towards a SharePoint cert myself right now, since it combines "easy" with "lucrative".

[Ironwood]

This side of the pond :  Sharepoint's a good one to go for.

[Ingmar]

I already administer a SharePoint farm without a cert in learn-as-I-go mode (it was handed off to IT after marketing screwed it up, I've got it more or less fixed) so it isn't like it wouldn't be immediately helpful too.

[Ironwood]

Lean away from the administration and head towards the construction and design.

Seriously.

[Ingmar]

Yeah, that is what I have heard. Getting too much into that in my actual job right now gets into turf war territory, but I fully expect some other people to fail and to get my turn eventually.

[Ironwood]

"But really, I feel that Administration courses to teach me stuff I already know would be a waste of your resources.  If I understood better how these things get made at the outset, it would give you chaps an extra resource and allow me to be even more efficient."

Try that.