Career Advice Tuesday – “Converting CERTS Into $$”

April 13, 2010

Dear Infosecleaders:

I am a CISSP with programming experience, static code analysis and web penetration testing. I am thinking about taking the CSSLP or GIAC Certification – I was thinking that having these certs will enable me to attain more work and increase my hourly rates. I'd like to know what you guys think.


“CERTainly Want To Improve”

Dear “CERTainly”:

It is quite possible that acquiring either certification (the CSSLP or the GIAC Secure Software) could enhance both your rate and your credibility as a specialized software security consultant. Many companies that are looking for these skills view the certification as an indication of proficiency, and in these cases the certification will provide them the required “signal” to authorize your engagement or your rate.

However, companies that are hiring full time staff traditionally apply a greater level of scrutiny during their interview process, and place less emphasis on these certifications, either when selecting the candidate or determining compensation. I do agree that either of these certifications will help “get your foot in the door” with prospective clients/customers and should significantly enhance your chance to be seriously considered for contracting work or full time employment.

As you go through your selection process (on which certification to pursue), you have to keep the big picture of your career in mind. I think that you should place a good deal of emphasis on the certification that helps you acquire skills that you believe would be useful in furthering your career, and developing your personal brand as both a software security consultant and an information security professional.

There is no question that either of these certifications can help you accomplish the goal of being branded as a software security professional, but this may only serve as a component of your long term career goals. For example, you may want to select the certification that you may be able to more effectively leverage in attaining broader credibility (for example, if you want to become a GIAC Expert, you may want to select the GIAC Cert; if you want to become a CISSP, you may want to select the CSSLP).

Like any information security career investment, you should try to determine your desired result and the desired sacrifice (money and time) that you need to complete it. In your case, you should make sure that you keep your initial goals in sight, more consistent work and higher rates, as this may provide you with the quick return on investment that you are searching for.

In the end, I do not think that either selection is a bad choice, but depending on your personal circumstances and career goals, one may have more benefits than the other.

Hope this helps,

Lee and Mike

Posted by lee