

Transform Your Puny Weakling Tech Muscles into InfoSec Brawn - boopsie
http://h30565.www3.hp.com/t5/Feature-Articles/Transform-Your-Puny-Weakling-Tech-Muscles-into-InfoSec-BRAWN/ba-p/5990

======
dkokelley
I have a question for the mid-to-upper level infosec guys. The article
mentions lots of certifications and professional organizations. I can
certainly see value in these associations and certifications, but I've always
been leery of professional certifications. I felt that they were for mediocre
players who didn't have "real" experience to show and needed some vocational
training and certification. Am I way off? Are these certifications worthwhile
when evaluating job applicants? Do they make you a more capable professional?

~~~
FreakLegion
Like the article hints, it really depends on what you want to do. None of our
engineers bother with certifications (and we don't look for them when
evaluating applicants). The CSO, IR and managed services folks, on the other
hand, collect them like Pokémon.

------
jazzdan
One good way to start building your security credentials is by becoming the
go-to security guy on your team. Poke around the product you're working on and
try to find security holes. Bring up security at code reviews. Besides just
facilitating learning about security those experiences can also be put on a
resume and talked about at interviews.

