Infosec: Certification vs. College
By Daniel Miessler on February 2nd, 2006: Tagged as Career | Education | Information Security | University
Many people debate which is more valuable to an employer — certifications or a four-year degree, and why.
I have the answer (lucky you).
In the past the answer was a resounding “college”. This is because anyone who had gone through four years of arduous study in various disciplines was simply exposed to more and able to adapt more easily to assorted challenges.
This isn’t the case anymore. These days, many college graduates can scarcely read and write — let alone do mathematics or logically approach problems.
The rise of the importance of certifications is simply a response to this fact. Managers need something to go by, and they have been shown time and time again that a four-year degree isn’t a guarantee of anything. So, in the absence of that benchmark they’re being forced to choose another — certifications.
It’s really that simple — as the quality of university graduates falls, employers’ dependency on and requirement for certifications will rise.

Not necessarily true in all circumstances. The 4-year degree is a door opener in business, more pay, basically the entry point bar. Not having one will make getting a job more difficult. CISSP et al are pretty much so the same way, that someone in HR can screen by certificate as well. Either way, the certificate or college says that you can follow direction and take a test, do the minimum necessary to get “X”. I am finding that a lot of employers are looking for more education the further you go up the food chain, masters of science for director and above, and so on and so forth. Really all depends on the company, what they think they want, what hype they bought into, but the bachelor’s degree is a pretty universal requirement in many of the job descriptions that I have seen.
Comment by jasc — 2/3/2006 @ 11:04 pm
Jasc,
Go to Monster, do a search for information security jobs. For technical positions, i.e. pentesting, firewall work, etc — you’ll find a certain magic phrase being used in almost all cases.
“or equivalent experience”.
Seriously, check it out. What that means is that the degree is nice, but it’s by no means required.
There are tons of positions that do require it, but they’re usually managers.
Comment by Daniel — 2/3/2006 @ 11:55 pm
Interesting, so here was the experiment, I went to Dice and did a search on “or equivalent experience” in quotes and ran up 6741 out of 83,835 jobs, or about 8% of all jobs. For the phrase “bachelors degree” there were over 10K. CISSP popped 714 jobs, MCSE had 1486. (Sorry I didn’t go to Monster, their stats are not good enough and they have a pile of spam jobs, Dice has a total, and the search is much better for this kind of experiment). You have a point on equivalent experience, but personally I would rather have as many jobs to choose from as possible.
Comment by jasc — 2/4/2006 @ 9:25 am
But that’s the whole point, Jasc. I’m not saying people don’t “like” a Bachelor’s degree in addition to being qualified; all I’m saying is that they are no longer equating the two anymore.
If they were, you wouldn’t see them saying “or equivalent experience”. I’ve interviewed recently at some major companies — including Cisco. They scarcely even wanted to know how far I was in school. They wanted to know what I knew. The entire point here is that, these days, these two things are separate. Managers know this now.
Look, I’m not dissing the degree completely. I’m a senior in college myself, and I am definitely going to finish my BS in the near future. All I was pointing out was that if the degree had the clout that it used to have, certifications would not be as relied upon as they are today. They only are because the Bachelors has lost so much respect with employers as a predictor of good employees.
Comment by Daniel — 2/4/2006 @ 2:41 pm