IT Certifications

Certifications can give jobseekers an edge. They can prove to employers that a candidate has a definite set of skills, and that he or she has had experience working with particular technologies. In order to be considered, applicants must prove those things to employers.

"I think that one thing that's certainly true in the job market today is that companies are not interested in hiring somebody so they can train them," says Steve Johnson, Senior Fellow of The MathWorks, Inc., and former board member of the Computing Research Association. "And I think that very narrow courses, like certification in a particular product, can be a way for somebody to not only get in the door, but also to convince themselves and the company that they have skills that will help the company in the very short term."

"Certifications would be good for somebody who's trying to hop over from a non-IT career," says Tracey Losco, Network Security Analyst at New York University. While a jobseeker may learn certain languages or skills with a book, a certification forces a candidate to gain "a better insight; the big picture."

According to a survey by the ITAA, employers prize certifications as the third most important applicant qualification. About a third of survey respondents reported that they considered certifications important: 39 percent of IT firms and 32 percent of non-IT firms.

Of course, certain positions take certifications more seriously than others. The importance of one "will always depend on the type of IT job," according to Jessica Frias, Recruitment & Technical Coordinator at NYU.

Certifications become especially important in networking jobs, because systems and networks form companies' technology infrastructures. Candidates here must show a definite aptitude. "All of the Microsoft certifications, such as MCP, MCSE, and MCSA etc. are great for networking type of positions," says Frias.

In security positions, the need for certifications increases. Competent security is becoming even more critical than ever for any company with technology. Losco emphasizes, "with September 11th, people are more aware of any type of threat now. And I think that [network security issues have] been given more media coverage."

Before jumping into a security course, however, the applicant must figure out whether or not an employer will take a particular certification seriously. Losco says that in network security, "there are only really two big ones that are well-respected."

One type that employers respect is the CISSP, or Certified Information Systems Securities Professional. "It's a good certification because it gives you a broad overview of each part of what a network security professional will do," says Losco. It covers everything from "perimeter defense to actual computer-related security. So it runs the gamut."

This is an example of how a certification can give a jobseeker a useful, broad perspective and skill range. The CISSP's will teach a candidate perimeter defense "in the sense of actual building security," says Losco.

"Think of Homeland Defense. Think of what someone would do, if they had a huge computer holding all the financial information for the SEC. And that computer is kept in such-and-such a building. What you have to think about ahead of time is who has access to the building. Are there any doors that are left open in the building? A lot of people think, 'we need to protect the network as much as possible,' but they don't think, 'the cleaning guy leaves the back door open for a good hour every single night, and anyone could just walk in and get physical access.'"

While such a problem is a higher-level disaster planning or disaster recovery type of issue, it is still included in a network security employee's responsibilities. "It's definitely included," stresses Losco.

Employees also take certifications seriously from the SysAdmin Audit Network Security Institute (SANS Institute). "They've really been the quickest to get up to speed on [new security issues]," says Losco. SANS courses focus "on digital security and information security, on their vulnerability analysis, and on training people in what they need to look for to secure their machines. How they can secure their machines, how they would know if they've been broken into, and how they can tell from network traffic that they're under attack."

SANS offers the GIAC, or Global Information Assurance Certification. As the course description says, students are required to complete a "written practical assignment to demonstrate their mastery of the subject matter. Successful practicals are posted to the GIAC list of certified students (http://www.giac.org/cert.php), both to demonstrate graduates' knowledge and to further educate the community." This gives employers much more information about a candidate than a mere test score would.

Limitations

While certifications mean that a candidate has a certain set of skills, they probably cannot cover every skill needed for a job. On the job, problem-solving skills may be more valuable than a test score.

"Even with a certification, I don't know that people are actually going to have all of the skills [necessary]," says Losco.

According to Johnson, there will be IT problems in which "nothing you learn in any book could help you. And I suspect that nothing you learn in any course could help you either. And you're either going to have to involve yourself in a fairly intense tree of logic to try to figure out which factors, when combined, cause the problem. You're going to have to have good contacts with technical support, and basically have a sleuth's mind to figure out what the problem actually is."