Decrypting the Different Exam and Certification Models

{LANG_NAVORIGIN} Certifications
By: Derek Melber, 04/21/2005

Various Certifications

Certifications come in all sizes and shapes. They can be obtained with a single exam or require multiple exams. Certifications can require a combination of different exam types. Some certifications require that you mix vendor exams. All of these options can be confusing and complex.

When you start to evaluate which certification is right for you, there are many considerations. In addition to those that we explored in Chapter 1, such as the relative value of the certification in the industry, you must consider the following factors in your choice:

• Number of exams required to achieve certification
• Types of exams involved in the certification process
• Industry perception of certification
• Expiration of the certification
• Renewal process and requirements for the certification

The number of exams involved in the certification process is an important consideration for your certification choice because of the work that you need to put into the preparation for the exams. Beyond the preparation, you also need to consider the cost of exam prep and the exam fees. Some certifications require as many as seven or eight exams, which can total $1000 in exam fees alone. Throw in the fact that you might fail an exam or two before passing, and you are up to $1200 for a single certification.

When it comes to preparing for a certification, you must consider the number of exams. This consideration is not meant to persuade you to stay away from the multiple-exam certifications; it is simply meant to encourage you to consider the return on your investment. Rather than focus your energy, time, and money on a multi-exam certification that has very little prestige in the marketplace, consider aiming for certifications that require only a few exams, but have high prestige in the marketplace.

Prestige is not the only reason to get certified, but typically the prestige of a certification goes hand in hand with the value of the certification.

I explained earlier that different certifications and exams might be offered in different formats. The more complex the exam delivery method, the more knowledge you will need to know to pass the exams. This complexity level will typically be tied to the prestige of the certification in the industry.

As OSs and tools change versions, the certifications that are associated with them change too. Some certifications can’t be upgraded in the sense that a single exam or suite of exams can “upgrade” you to the latest certification. Knowing beforehand whether such is the case for the certification that you are pursuing is important because of the effort that it takes to become certified. You would not want to work for months to obtain a certification that will only last for another few months.

When taking into consideration the expiration of a certification, consider the time it will take to prepare for the exam(s). For a single exam, it might only take a week to prepare, depending on your current knowledge level. However, when you consider a certification that requires multiple exams, you might need to allow for several months, or even more than a year.

You also need to consider the requirements of experience for some certifications (for example, becoming a CISSP). Requiring experience as well as knowledge is becoming more and more popular. Requiring experience makes a certification more valuable for the candidate and anyone hiring the certified professional. Some experience can be obtained in months, whereas other experience might require more time. Add the experience factor to the previous preparation factor, and some certifications can take years to obtain.

If you are thinking that a certification that takes years to obtain is not worth the effort or you might never complete the requirements and preparation, you can relax a little. Many certifications allow for renewals or upgrades from one version to next. Each vendor and certification accomplishes these renewals in a different manner. Some certifications require proof of experience on the new version, whereas others require additional exams. Still others might require that you perform a certain number of continuing education units before you are allowed to renew your certification.

Single Certifications

Many new security certifications are requiring a single exam. Single-exam certifications have had a bad connotation in the past, but with most of the new certifications, the negative perception is gone. Must of the reason for this turnaround is the effort that the certification developers have put into the exam complexity, knowledge level, and length.

It is also common for single-exam certifications to require experience before someone is able to obtain the certification. Experience can range anywhere from a few months to a year. The experience on many certifications is not required in that the candidate must prove the history. As you can imagine, the experience factor for these certifications are typically ignored. The certifications that verify experience are viewed closely from hiring managers because they know that the candidate has a certain level of experience by obtaining the certification. It is not uncommon for the validation of experience to only come through a reference letter from a superior. This requirement helps validate the candidate from a neutral third party, which helps reduce unqualified candidates from pursuing the certification. Unqualified candidates that squeak through obtaining the certification water down the perception of the certification in the industry.

The complexity of many single exam certifications comes in the length of the exam. For example, the CISSP requires 250+ questions and gives you 6 hours to complete. One of the reasons for the length of the exam is to prohibit those that attempt to cram for an exam by memorizing questions. Another benefit of a longer exam is that it can reduce the total number of exams that are required to obtain a single certification. Instead of requiring multiple 50-question exams, a single 250-question exam can get the job done.

Other single-exam certifications increase the level of complexity of the exam by moving away from the conceptual exam format. These exams present innovative items or go to the next level and offer case studies. These exams receive higher ratings, but not as high as the exams that go to the levels of virtual and hands-on exams. The virtual and hands-on exams are held with the highest regard, especially those that produce a certification after one exam.

Tracked Certifications

There are times when you will want to take your certification to the next level. Many vendors and certifications offer tracked certifications, which allow the candidate to move towards a specific area of expertise within an OS or product. Tracked certifications are becoming popular again in the security world. One of the reasons is that a track offers the candidate the ability to prove knowledge in a focused area.

In some cases, you are required to obtain a general certification as a foundation to your specific track certification. Many times, the tracked certification will add a +S or +Security to the general certification to show that you have the foundation requirements as well as the additional exams and requirements for the specific knowledge.

There are typically two types of tracked certifications. The first track format will have one or two base exams that can then be matched with one or two track-specific exams to complete the certification. The base exams on a track certification require you to take one or two exams to obtain the tracked certification after the base exams are completed. With this structure, there can be many tracked certifications based on the base exams.

The second track format is actually a multi-certification track. Some certifications build upon existing certifications as you work on a specific track. With this type of tracked certification, you will take one or two exams to obtain a general certification on the OS or product. You can then take one or two additional exams to obtain additional certifications on a track. Some examples of these certifications include specialization in security, forensics, e-commerce, and so on.

Track certifications can include any exam type that exists, but usually stick with the conceptual exam format. Like the single exams, the more complex the exam format, the better perceived the certification is in the industry. If you can find a track certification that requires two or more of the virtual or hands-on exams, these certifications will be highly observed by all of the industry.

Track certifications can seem to be costly due to the number of exams and the preparation that is required for the multitude of exams. However, if the exams lead to general certifications and provide multiple paths for tracked certifications past the general certification, a tracked path can be a very efficient way of obtaining multiple certifications.

The volume of certifications is not as important as the quality of the certifications. Thus, the efficiency of tracked certifications is only valid if the general certification and the tracked certifications all provide industry-recognized results.

Tiered Certifications

Tiered certifications are becoming more common in the security arena, but these exams have their roots in the OS certifications. These certifications provide the foundation of the certification industry in that they are the most common of all exams taken. If you are new to IT and need to get started with certifications, you will most likely be taking an entry-level tiered certification initially, then moving on to specialized certifications and tracked certifications.

Tiered certifications provide a hierarchy of exams and certifications. The goal is to allow for an entry-level certification for those that maintain installations, perform routine troubleshooting basic configuration tasks, and provide Help desk support. The entry-level exams will not require much experience, if any. However, the entry-level certifications help solidify the candidate’s job knowledge and provide a foundation for the next level of certification.

Tiered certifications also provide certifications along the path of an IT career. The philosophy is that as a person spends time working with an OS or tool, that person will gain additional knowledge and experience around the topic. The tiers of the certifications walk along with the candidate as their career and knowledge grows. For example, consider this type of format illustrated in the following Microsoft track:

• Microsoft Certified Desktop Support Technician (MCDST)—This certification is geared towards the new IT professional, who is responsible for basic troubleshooting of Windows computers at a call center or corporate Help desk.
• Microsoft Certified Systems Administrator (MCSA)—This certification is geared towards a seasoned IT professional who has some experience. These candidates typically have moved past the Help desk and now perform installations, routine client and server maintenance, and tier-2 or -3 troubleshooting.
• MCSA: Security—This certification is an example of a tiered certification. With only two additional security-related exams, the candidate can obtain the +Security credentials. The total number of exams required is five, but the five exams produce two certifications.
• Microsoft Certified Systems Engineer (MCSE)—This certification is geared toward the IT professional who has had more than a year of experience with Windows computers and networks. In some cases, 1 year of experience is not enough. The candidate is responsible for implementing, configuring, managing, designing, and troubleshooting all aspects of a production Windows enterprise.
• MCSE: Security—This certification is another example of a tiered certification. This certification requires three security-related exams. If the correct elective exams are taken with the MCSE certification, this certification can require only one additional exam past the base MCSE track.

Another example of a common tiered certification track is the Cisco track. This track includes the following certifications:

• Cisco Certified Network Associate (CCNA)
• Cisco Certified Network Professional (CCNP)
• Cisco Certified Inter-network Expert (CCIE)
• Cisco Certified Design Associate (CCDA)
• Cisco Certified Design Professional (CCDP)
• Cisco Certified Security Professional (CCSP)
• Cisco Certified Inter-network Professional (CCIP)

These tiered structures give you a clear view of how the exams and certifications can grow upon one another, following the path of the IT career. I might also add that with a track such as this, exams can be used for each level of the track. The MCDST exams can be used for both the MCSA and MCSE certifications.

Of course, the higher in the track that the candidate can go, the more prestigious the certification. An MCDST does not get the respect that the MCSE:Security candidate does. That is not to say that the MCDST does not garner respect; it is just meant to illustrate that the certifications are relative to each other. If you are applying for a job that requires you to field support calls from users that work with Windows clients, the MCDST certification can give you a leg up to the competition that is also applying for the same job.

Another key point is that the exams get more complex as the tiers grow. The entry-level exams typically use conceptual questions and some innovative questions. They will not use simulations or case studies. As the exams move into the MCSE tier, you will start to see exams that include case studies and simulations. Eventually, you might even see exams at the MCSE level that provide virtual exams or the elite hands-on exams.

I have mentioned multiple times that certifications can be time consuming and expensive. The Microsoft track that was mentioned earlier falls into this category. The MCSE:Security track requires eight exams, which each cost about $125. These exams cover a range of topics, including network services, Active Directory (AD), security, installation, management, troubleshooting, and more. The experience and time required to prepare for these exams can take months or even years. It is possible to spend $10,000 or more in the preparation of this certification track.

I will address some tips and traps of preparing for a high-end certification in Chapter 4.

Grandfathering

For some, the certification path seems long, grueling, and unneeded. Such might be the case if you have been working in the IT industry for years but have never pursued any certifications. If you fit into this scenario, you might be right for grandfathering into a certification. The grandfather clause is for those that have experience and know the material that is presented on the certification exams.

There are some grandfather clauses that state that you must have a certification for another OS or tool to prove that you know the material. The benefits of this model are that those who have pursued one track or direction are not penalized for their efforts. Instead, they are rewarded for knowing the material. This setup solves the problem of those that want to pursue one direction, then either broaden their resume of certifications or change directions down the road.

I know many Microsoft certified professionals that have obtained their Certified Information Security Manager (CISM) certification by using the grandfather option. They are very well versed in security and management of IT (people and computers), but have spent much of their time on the Microsoft track. CISM provides a multi-step process for them to obtain the CISM certification with their existing certifications and experience. The following list highlights some of the requirements that you might see with any grandfather option.

• Application form—This form is typically a simple form that provides your personal information and contact information.
• Resume—This document will provide the certification reviewers with your past job experience and career path. Be sure to be specific with regard to tasks performed, responsibilities undertaken, and positions held. Do not stretch the truth on your resume. The reviewers will follow up on all past jobs and supervisors, so any stretching of the truth could disqualify you from the grandfather option.
• List of accomplishments—This list can cushion the resume with additional accomplishments that you have in the industry. Examples of accomplishments that you will want to mention include:
  • White papers you have authored
  • Articles you have authored
  • Books and eBooks you have authored or contributed to
  • Courseware you have authored
  • Specialized training you have performed
  • Other certifications you have obtained
  • Awards or recognitions you have won
  • Specialized training you have attended that did not lead to exams or certification
• Job history—This information will typically be a duplication of most of your resume, but the application or form will want you to be specific with regard to your job roles and task responsibilities. This list will include management of the network, security, servers, projects, and staff.
• Task descriptions—You will want to be clear and precise when you fill out this section. Be sure to look at the exam objectives that coincide to the certification that you are trying to grandfather into. Be sure to emphasize all tasks that you performed related to this objectives list. Break out all tasks into distinct tasks so that there is no room for interpretation as to what the task included. Don’t put in tasks that don’t apply, as this will distract the reviewer from the tasks that do apply.
• Contacts of previous managers—As a conservative person, I suggest that you call your previous managers and ask them for your approval to use them. If that manager is not available, you can use a higher-ranking manager or someone that knows what your responsibilities were and knew your performance. These managers will be contacted in almost every instance by the review committee.
• Letter or recommendation by superiors—This letter will require that you ask three to five previous supervisors, bosses, or clients to write letters to the review board talking about what your experience was with them and why you should be considered for the certification. You will not see the letters, so I recommend that you call the superior personally to explain the reason for the certification and what the certification will do for your career.

In some cases, you might also need to take an additional exam to fill any gaps that the other certification or experience does not fill. For some of the certifications that you are grandfathering into, there might be multiple exams, so you are bypassing one or two exams with the application and job history information.

It might seem like all of this is easy and cheap. However, in most cases it is a lot of work. The forms and legwork can take days to fill out, as you try to gather past records, fill in the job and task forms, and track down your old bosses. It can then take many phone calls to ensure that all of the information is submitted and in the process of being reviewed. The final process on your end is to keep tabs on when you might hear back on your status to ensure that communication does not fall into the cracks.

In some cases, there is a cost to grandfathering. You are getting out of the exam sitting fee and preparation fee, but the time that it takes to fill out paperwork, make phone calls, and follow up on the status can be translated into money. Also, there is sometimes a hefty fee to grandfather into the program. This fee might be hundreds of dollars, so make sure the certification is worth your time, effort, and money.

















Your IP address will be sent with this e-mail

From e-mail to e-mail