I’ve been looking around at various certifications that I would like to go for and the web being what it is, ….a web, lead me to finding some juicy information on the state of the IT industry in the US and Canada. I was given a copy of the 2010 IT Skill and Salary Report put out by TechRepublic and Global Knowledge. This report has a table (figure 10) where they list Salaries by Popular Certifications and there is a link under that that goes here where you can find an outline of the salaries for even more certifications. One that caught my eye because of the mean salary vs. what what the certification entailed was the CIW Web Developer. (side note: that certification has actually been retired)
CIW currently offers a range of certifications but there were 2 there that caught my eye and are things I will go for in the future (after my PR is finally sorted) and those were the Enterprise Developer and the Security Analyst. I looked over the requisites for the Enterprise Developer certification and it’s fairly straight forward, there is not really anything I need to learn extra to do the course and gain the certification since I do that anyway.
The Security Analyst has a prerequisite that you complete a 3rd party certification before going for their exam. When I looked at the 3rd party list there were the usual suspects MSCA, MCSE, CCNP etc. But there was one that I had not heard of before and that is the Certified Ethical Hacker (CEH). Having a strong interest and past hands on experience in this activity lead me to finding out everything I could about this course and the marketability of it in my career. I found myself thinking “hello……I can be incarcerated certified for this?!”.
It actually looks quite promising. The course is designed more to teach a person how to hack/crack by various methods and how to keep yourself up to date on the latest exploits and vulnerabilities. While at first glance training people to do these nefarious acts may seem irresponsible to the average person (even your employer). You have to realise that there are people out there finding end exploiting these vulnerabilities, creating tools and causing mischief without being trained. So what defence do you have against them? Hire one or hire a team of them! Get them to run attacks on your site, network and even staff members (read: not physical attacks on staff members even though they may deserve it, but things like social engineering, shoulder surfing and the like) and show you where you need to improve.
After reviewing all the info and previewing some course material I find that I am quite interested in getting CEH certification and will probably go for it later this year when the time and money are available.
As a further note I would also encourage people who are working in the IT industry to learn how to do their jobs correctly. I see so many people today passing themselves off as web developers, programmers and system administrators without knowing how the technologies they are using work, not knowing how to keep them secure and not doing a very good job at completing even the basic tasks involved in these positions. I think I will rant about this later and provide some more in depth information in that post.