CertifiedThere has been a constant conversation in the cyber security industry whether certifications equates competence. This article is in no way trying to insinuate that certifications don’t matter, on the contrary. Certifications Matter! The Big question is that does having a CISSP, CISA, CEH, OSCP etc equate to competence?

In my Analysis and reflection on this matter, I tend to argue that in as much as certifications are key towards growth in the cyber security field, they can never be taken to equate competence. Does having an OSCP, CEH etc without real experience mean you are a better penetration tester? The answer is NO! The certification can play a key role when it is among the requirements set out by the Human Resource department, but it can never be taken to mean that the candidate will perform better than an experienced candidate with less or minimal certifications.

I can even argue that there is no certification out there on cyber security that teaches real scenarios on the field. The technical certifications can attest to your understanding of the technical knowledge as far as the subject matter is concerned but never will they be able to assess your performance on the ground and at the client site.

In my time as a cyber-security professional, I have worked closely with individuals who have lots of certifications and those with less or minimal certifications but more experience and I can attest to the fact that I have been amazed by the level of professionalism and skills of some of the colleagues with a vast experience in the field. Not only does experience make you capable of handling real scenarios, but it helps you think outside the box as you have dealt with more challenging scenarios that is more than just being able to break into a machine. Experience is Key!!

I believe that the young professionals should not only rush into getting the certifications to beautify their Curriculum Vitae, but they should complement it with real experience and ability to learn on the ground.


By: Gilbert Nyandeje

Cyber Security Consultant and Researcher at Enovise