
Am I certifiable ?

penetration testing
I must firstly apologise, everything seems to have gotten on top of me, and I have failed to blog for a few days. I'm aiming for this not to become like every diary that I have tried to keep in my life, filled for the first three days, and then empty! However, time is at a bit of a premium (except the amount I seem to spend in transit - the British rail and underground system seem to want to keep my soul for as long as possible each day ...), so this will likely be a short blog.

One of the recurring questions that I see time and time again in the mailing lists is: Which qualification should I get? Or at least the paraphrased ... Is qualification X any use? I have really mixed feelings about this - all my life I have been told that the next level of qualification is the one to get - first GCSEs, then A-Levels, then a degree. It was failing my degree through not getting what on earth my maths tutor was on about that opened my eyes to the fact that it isn't really so much about what qualifications you have, as how much you really know, that matters. The trick is to get past the monkey who is interviewing you, and usually this involves having something on your CV which looks interesting. I figure you can go about this in one of two ways:
  • Sit the qualification of the moment, which will almost certainly cease to be fashionable after one or two months (if you are lucky, years)
  • or have something on your CV that makes them look at it and go "Wow ... He must know his stuff".
The first will always cost money and time. Although there is a good chance that you will learn something, unless you choose your course very carefully, you will end up learning again things you already know. I say this with conviction, because I spent money (and time) gaining a CISSP which I probably could have passed without the course, and a BS7799 Lead Auditor course, which taught me tonnes that I was unaware of. However the CISSP was the more fashionable at the time... C'est la vie!

The second route is much harder, although if you make the most of your abilities and interests and you have an intelligent employer, you can exercise your skills. Audit your current employer (make sure you have permission first), find out if there are flaws in the security, do it for free, and out of hours - your company will love you, your skills improve, and you can put it on your CV.

Write open source software. Find a project that you are interested in - please, please, please, please don't start a new one, unless you are sure that another couldn't use your help - there are a million and one new projects that go nowhere, and a few hundred that could seriously use some help - you can still take credit - you can still improve, and you can still come up with new ideas.

Write documentation - write a blog (!), write articles, how-to's, books - whatever, but create a list of things that you have written in the relevant subject areas that your prospective client/employer can look at to see what you know.

Talk to other people in the industry. If you can convince a fellow professional that you know your stuff, they may refer to you, recommend you, give you a reference, hell - even offer you a job - it happens.

At the end of the day - the letters after your name are insignificant if you have no skills. Keep current, work hard, learn constantly and one day you will be there - do the courses and the qualifications that you feel will teach you what you need, not generic things that reiterate what you know, and be good to the community - it will be good to you in return.

Si - CISSP OPSA BS7799LA MBCS :P