What is more important in the information security profession - experience, degrees or certs?
What is more important in the information security profession?
- Real world experience,
- Degrees (BA, BS, Masters in computing, data security or networking)
- Or lastly industry certifications?
How does this vary if the position is in industry or academia?
Also are there any value in older certifications in legacy technology?
Please don't think I'm being flippant when I answer your question as follows: most employers want option 4): "All of the above."
Without real-world experience, certifications and/or degrees don't do much for employers. Without degrees, many employers aren't interested in talking to job candidates who've avoided completing this often-important "checkbox item" in meeting hiring criteria. And without current certifications, it's often difficult for hiring managers to be really sure about how much a candidate knows in the technical areas that a certification purports to cover.
That said, if you held a gun to my head and said "Stop the BS, pick one!"
I'd report to you that when equally pressed, hiring managers will pick somebody with recent, relevant, and well-documented experience every time.
This was first published in March 2004