Education and training are important, but a professional certification demonstrates your commitment and proves your proficiency. The top graduate from the best law school can't get paid for chasing an ambulance until he or she passes a bar exam. Likewise, a PhD from the top accounting school can't count a real bean for a paying customer until he or she passes the CPA exam.
There's nothing like a professional certification to change the focus during an interview from whether you can do a particular job to other concerns, such as softer skills or, even better, your salary requirements and start date.
Which certifications are best for you and your goals? There are dozens of professional certifications in networking and related skills. Pursuing the wrong one is a waste of your time. Pursuing them all is impractical and a waste of your time.
This chapter gives you some background on certifications and provides you with enough information to help you determine which certifications will be most beneficial to your career aspirations.
When determining which certification to pursue first, consider the following factors,:
It is bad form to claim on a job application that you have a certification if it has expired. Most certificate-sponsoring organizations have a search capability that can be used to easily confirm your stated certification. Most companies consider falsifying this information to be a dismissible offense.
So what is the right certification for you? In addition to the factors mentioned in the preceding section, you need to consider some important issues.
The two categories of certifications are vendor-specific certifications, which relate to the products made by a specific vendor, and non-vendor-specific certifications, which are created and maintained by independent organizations, typically nonprofits.
Vendor-specific certifications are marketable, but only to firms that use products from that vendor. A Cisco certification is valuable because many companies have at least some Cisco equipment.
Vendors such as Huawei and ZTE also have certification programs, but their customer installed base in the United States is relatively small. As a result, the value of their certification is less among U.S. companies.
In addition, a given vendor may have multiple certification types. For example, as of this writing, Cisco has 28 certification types, most of which relate to networking. (We describe Cisco certifications in the next section.)
Microsoft has seven certification types, but networking is only part of the curriculum. Having a Master-level certification is great, but a Microsoft Office Specialist-Master certification will not help you much in the networking field.
Non-vendor-specific certifications are a different kettle of fish. Non-vendor specific certifications tend to be more general and contain a wider set of study topics or body of knowledge. A vendor's certifications is limited to their products or services and how to apply them to specific network situations. Non-vendor certifications cover more material and focus on the control to be implemented or the business problem to be solved, including combinations of vendor solutions.
Although some vendor-specific information is part of non-vendor specific testing, the intent is to offer prospective customers assurance that the person who has passed the certification has at least a minimal set of skills. A number of non-vendor-specific certifications are explored later, in the section “Winning with a Third-Party Networking Certification.”
So how do you decide which certification is best? In addition to the preceding considerations, also think about the following:
Lots of organizations offer training to customers on how to more fully use their products. This approach makes business sense. Often these classes last a few days and help customers with configuration and maintenance. Upon completion, the company offers attendees something to resemble a diploma.
Earning a training diploma is good, but training is different from certification. One distinction is that a certification requires a test. In most vendor-specific training courses, the diploma primarily means that a warm body was present for the duration of the training. Whether the individual who was sneaking sips from his hip flask got anything from the information is between him and his boss (you know who you are).
Another distinction between a training diploma and a certification is that a certification is recognized in the industry as offering some level of value. With vendor-specific training, sometimes a third party creates the training program; completing the program won't help you get a job if the hiring manager has never heard of the company.
The issue of value is meant as a cautionary tale. Some shady companies offer discounted certification courses. If prospective employers have never heard of these companies, completing their courses won't help you in your job search, regardless of how much you learn or how sincere the marketing materials sound. Check first with those in the industry.
In this section, we describe well-known vendor-specific certifications that carry value.
Arguably the best-known certifications in the networking biz are from Cisco. As mentioned, Cisco offers 27 kinds of certification. One almost needs a certification to tell what the different Cisco certifications mean.
The first distinction among the Cisco certifications is the level:
The two certifications at the entry level are
Don't assume that these courses are simple because they include the word entry. These entry-level classes require several months of intense studying, lots of hands-on experience, and the successful completion of several rigorous tests.
The Cisco Certified Network Associate (CCNA) certifications are the next step up from entry-level certifications. The associate level covers skills necessary to administer small or medium-sized networks with one of eight technology specializations:
The individual who earns one of these certifications would be, say, a Cisco Certified Network Associate (CCNA) Data Center or CCNA Routing and Switching.
Just to keep it a little confusing, another certification in the associate level is the Cisco Certified Design Associate (CCDA). This certification is suitable for network engineers and others who specify network environments.
Although associate sounds better than entry, it fails to capture the magnitude of the work involved. First, you need a few years of experience in the field. Then, to pass the exam, you need to devote six to nine months (depending on whether you have no or a minimal social life) to studying and taking classes. This timeframe is if you take a preparation class and spend many hours each day pursuing your goal. Your mileage may vary, but any of these certifications is a significant accomplishment and shows a commitment of 1000+ hours. Plan to retake this test every three years to keep your CCNA or CCDA certification valid.
The professional level certification, Cisco Certified Network Professional (CCNP), covers the same specializations as the associate level with the exception of video technology. If you happen to specialize in video-networking technology, you may be happy to find out that the certification is only at the associate level.
The test is given in a series of steps, so you don't have to take all the tests at one time. Each test covers different technology areas (route, switch, and troubleshoot). Some people who have earned the professional-level certification say that they studied rigorously for nine months to a year.
The professional level has that same naming outlier for senior network design engineers, senior analysts, and principal systems engineers who design the networks. Rather than being consistent and, say, calling the certification for design professionals CCNP-Design, the certification at the professional level is called the Cisco Certified Design Professional (CCDP) certification.
If the professional level isn't enough for you, you can get an expert-level certification. Most are called CCIE, for Cisco Certified Internetwork Expert, followed by the specialization. There's one change to again make things interesting. The step above CCNP Voice is CCIE Collaboration.
The old CCIE Voice was retired as of Valentine's Day 2014. (I am not sure of the significance of this date.) The CCIE Collaboration terminology reflects the idea that businesses use internal voice communication along with data and video technology to collaborate.
Again, there is the same naming outlier, the Cisco Certified Design Expert (CCDE). It sure would be a lot simpler if they called this CCIE Design, but they did not ask me.
The CCIE variants and CCDE require another year of study and hands-on practice beyond the time spent on the CCNP/CCDP. This level is pretty darn elite: In the United States, there are about 5500 CCIEs of all types.
Let's put it this way. More people have fallen out of planes at altitudes above 10,000 feet and survived (157) than have earned the Cisco Certified Architect (CCAr) certification. More professional baseball players have hit four home runs in a single game (16) then have earned the CCAr. You get the idea.
But if not, more people have walked on the moon (12) than have earned the Cisco Certified Architect (CCAr) certification. Ten folks have earned the CCAr certification. We hope you become one. It looks very good on your resume. When you make it, send us a postcard about your accomplishment.
Microsoft makes a lot of software, but they also have technical certifications, specifically Microsoft Office certifications and Microsoft Technology certifications. The Microsoft Office certifications are good but are not our focus in this book.
The following Microsoft Technology certifications include topics that are relevant to networking:
The Microsoft Technology Associate (MTA)-IT certification offers multiple tracks. Readers of this book will be most interested in the MTA IT infrastructure track, which has the following four tests:
This certification is an entry-level (no IT experience) kind of test that is a good way to get started in the certification world. There are no requirements to prepare for taking the test.
Microsoft Certified Solutions Associate (MCSA) is proudly listed as a prerequisite for becoming a Microsoft Certified Solutions Expert in much of the promotional literature. However, it looks pretty good as a certification by itself. The Solutions Associate specializes in configuring and maintaining one of the following systems:
These certifications do not expire but the products in which you get the MCSA may expire. An MCSA in the Windows NT operating system will not open many doors for you these days.
All MCSA certifications involve multiple tests. You can take the tests in any order. A general guideline is that you should be able to take all three tests in 90 days if you focus on them. Hands-on experience with the technology is essential.
Now you are talking. Microsoft Certified Solutions Expert (MCSE) is a widely recognized certification that will impress the folks you want to impress. The MCSE can cover any of the following areas:
One of the good things about the MCSE is that you can go ahead and earn the MCSE and pick up the MCSA as you complete the first two or three tests.
The MCSE is the highest certification that Microsoft currently offers. They used to offer a Microsoft Certified Architect (MCA) certification but cancelled the program because there were only a few hundred MCAs.
Juniper Networks makes sure that Cisco doesn't have all the fun. Their product lineup offers high-speed switching for enterprises and Internet service providers (ISPs). Juniper Networks is frequently second or third in market share across their range of solutions, which is not shabby at all.
Describing the Juniper Networks Technical Certification Program (JNTCP) is not easy because they have 19 certifications. Understanding which one is right for you involves understanding Juniper's primary product lines, target markets, and sales channels. Buckle up and let's start breaking this down.
First, the four levels of certification, in order of increasing difficulty, are
All Juniper networks certifications start with one of these four levels. For example, an associate-level certification in Junos (JNCIA-Junos), the operating system used by most Juniper Network products, is a prerequisite for most of the other certifications.
In addition, Juniper Networks sells to enterprises and service providers, primarily Internet service providers. There are important differences between private network belonging to an enterprise (ENT) and Internet service providers (SP). For example, most enterprises have slow periods when they can accept some downtime. ISPs must support traffic on an almost continuous basis. Also, ISPs need accurate information flow into the billing system but enterprises want to track usage.
One area that is similar for enterprises and service providers is the network's information security. The tools and strategies for ensuring information security are identical whether the customer is an enterprise or a service provider, so Juniper Networks has a single certification track for people responsible for information security.
Figure 6-1 is a matrix of ten of the certifications offered by Juniper Networks.
So far, so good. The next consideration is that Juniper Networks sells their solutions not only through a direct sales force to enterprises (ENTs) and service providers (SPs) but also through resellers. These resellers augment Juniper's direct sales force. Many of these resellers add value by offering network engineering services to their enterprise and service provider customers.
The network engineers employed by reseller organizations can earn the same certifications as everyone else at the associate and specialist levels. A source of confusion is that network engineers who work for these resellers are called support specialists, and it is easy to confuse this title with the level of Specialist used for the Juniper Network Certified Internet Specialist (JNCIS).
In other words, network engineers working for a reseller first earn their Juniper Network Certified Internet Associate for Junos (JNCIA-Junos) like everyone else. Next, they earn their Juniper Network Certified Internet Specialist-Enterprise (JNCIS-ENT) like everyone else.
Finally, these network engineers (also called service specialist) can pursue a certification strictly for resellers called Juniper Network Certified Service Professional-Enterprise (JNCSP-ENT) at the professional level. These service specialists can also earn JNCSP-SP to supporting ISPs and JNCSP-SP to become a professional on security issues.
That brings us to 13 certifications. The last several are related to specific product lines:
The E-series has three levels of certification: associate (JNCIA-E), specialist (JNCIS-E), and professional (JNCIP-E). Do not confuse the E here with ENT, which refers to enterprise. And this brings us to 19 certifications for Juniper.
Palo Alto Networks specialize in firewalls and offer two certification programs based on their next-generation security products. (Yes, we know that this Dummies book focuses on networking and not information security, but you will help yourself by earning certifications in both.)
The Accredited Configuration Engineer (ACE) certification exam tests the candidate's knowledge of the core features and functions of the company's next-generation firewalls.
The Certified Network Security Engineer (CNSE) exam is a formal certification. Exam questions cover the following areas related to Palo Alto Networks firewalls:
Check Point Software Technologies, Ltd. offers the Check Point Certified Professional Program for network security. This is a product-focused certification based on the popular, but unimaginatively named Check Point Firewall-1. Certifications from Check Point include the following:
The Red Hat Certificate of Expertise in Server Hardening is for security professionals with skills and experience in
The Cisco and Microsoft certifications are the best known but are by no means the only certification programs with street cred. Following is a sampling of other vendors offering certification programs related to networking:
A number of organizations that are not affiliated with a particular vendor are well respected in certifying the abilities of their graduates. Typically, these certifications originate at nonprofit organizations seeking to ensure quality standards among technical or support professionals. Because these certifications are not affiliated with a particular vendor, they are referred to as third-party certifications.
The best-known organization for providing networking technology certifications is CompTIA (Computing Technology Industry Association), a nonprofit trade association. The original motivation for creating their certifications was to provide a minimal level of expertise among the workforce so that customers could have some degree of confidence that the holder of the certification is competent.
CompTIA started in 1982 and was then called the Association of Better Computer Dealers (ABCD). Keep in mind that Microsoft DOS was released in 1981. PCs were new technology, and computer dealers found that any schlub could hang up a shingle and claim to be qualified to repair the PCs that were just coming out on the market.
These so-called repair technicians were not suited to repair anything as intelligent as an 8086 computer. To prevent the industry from getting a bad reputation among customers, the dealers banded together to create standards. The ABCD consortium was the origin of CompTIA's A+ certification for computer technicians.
The current A+ certification, which was updated in 2012, is comprised of two tests: CompTIA Essentials and CompTIA Practical Application.
The Essentials portion of the exam covers the basics of computer technology, networking, and security for hardware and operating systems. The Practical Application portion demonstrates the use of current operating systems.
CompTIA is probably best known for the A+ certification, but their other certifications are highly respected and valued. Some certifications are difficult to categorize; we group them from the perspective of this book as follows:
Three certifications are relevant in one way or another to networking:
Although the following certifications are not specifically network-centric, there are elements of networking and operating systems technology in them that would have value to an aspiring network engineer:
Technology skill certifications may be useful for someone focused on or seeking a career in networking (more on this later in this chapter). Note that each of the following certifications involves a significant commitment of time and resources:
CompTIA offers not only certifications but also certificates for particular areas of study. Earning a certification is more involved than earning a certificate, and therefore better. (Unfortunately, the names are similar.)
CompTIA certificates are prefaced with the Strata to distinguish them from certifications. They include the following:
Network Professional Association (NPA) is a nonprofit association for computer network professionals that offers the Certified Network Professional (CNP) Program. The primary goal of NPA is to raise the awareness of technical people working in networking as a profession by setting standards for ethics, training, and performance.
This approach is slightly different than the vendor-specific and the third-party certification programs in that no moral judgments are associated with the other certifications. They are purely technical.
The Network Processionals Association, on the other hand, may have issues with a CNP who designs a network to trade in blood diamonds and speed the burning of the Amazon rainforest while taking bribes from vendors and spying on its critics. Certainly, all the organizations mentioned in this chapter would have concerns, but the technical certifications are independent of any ethical judgments.
Planet3 Wireless is an organization that certifies wireless LAN professionals. Their certification focus on 802.11 wireless LANs. The certifications, in approximate order of easiest to hardest, include:
Even though you may not be looking for a security job or even a security career, security is important in every IT job, especially networking! Chances are you'll be managing the security aspect of systems, devices, or users, and you'll be far more marketable if you have one or more security certifications.
Founded in 1988, (ISC)2 (pronounced “I-S-C-squared”) was formed to create a global information security certification program. In 1994, the CISSP certification was established, and it has since been recognized as one of the top security certifications in the profession. Some of the certifications offered by (ISC)2 are described in this section.
Systems Security Certified Practitioner (SSCP) is the entry-level certification offered by (ISC)2. Requiring as little as one year of professional experience, the SSCP certification is great for professionals who are working to establish their security careers.
Universally recognized as the greatest of all information security certifications, Certified Information Systems Security Professional (CISSP) covers a broad swath of subject matter in its Common Body of Knowledge (CBK):
The CISSP exam contains 250 multiple-choice questions and may take you up to six hours to complete.
Several CISSP concentrations are now available to CISSP holders who want to extend their certification into one of three important specialties:
You can learn more about the CISSP certification in CISSP For Dummies, 4th Edition, by Lawrence C. Miller and Peter Gregory.
The Certified Software Security Lifecycle Professional (CSSLP) certification recognizes expertise in the security development life cycle, which is the set of business processes and techniques that ensures the inclusion of security in every step of the software development process.
The range of subject matter in this certification includes
The Certified Cyber Forensics Professional (CCFP) certification is a recognition of skills and experience in the field of computer forensics, the science of conducting sound digital investigations that may be used in legal proceedings.
The range of subject matter in this certification includes
The Certified Authorization Professional (CAP) certification recognizes skills and knowledge in the work of authorizing and maintaining information systems in the Risk Management Framework as defined in NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems.
The range of subject matter in this certification includes
The Healthcare Information Security and Privacy Practitioner (HCISPP) certification recognizes expertise in the protection of personal health information. The range of subject matter in this certification includes
(ISC)2 also offers an Associate of (ISC)2 Certification, for those who have passed CISSP, CSSLP, CAP, SSCP, CCFP, or HCISPP but do not yet have the required years of experience to be awarded the certificate.
ISACA was formerly known as the Information Systems Audit and Control Association. They are now ISACA to show that they are known for more than just audits and controls. This nonprofit organization is dedicated to the development of frameworks, standards, guidance, education, and certifications for professionals in information systems audit and security management.
ISACA certification exams are conducted a limited number of times per year, at hundreds of locations around the world.
Enacted in 1978, the Certified Information Systems Auditor (CISA) certification is one of the most prestigious security certifications available in the industry. This certification covers the following subject matter:
The CISA certification is frequently required for IT audit professionals in positions focused on IT audit or IT audit management.
The Certified Information Security Manager (CISM) certification is recognition of the skills, knowledge, and experience of security managers. The CISM certification covers the following subject matter:
Certified in the Governance of Enterprise IT (CGEIT) is a certification aligned more with IT management than IT security. The CGEIT certification covers the following domains:
Certified in Risk and Information Systems Control (CRISC) is ISACA's newest security-related certification. With heavy emphasis in risk management and controls, CRISC complements CISA and CISM, and the three together provide comprehensive control over information security management and operations.
The CRISC certification covers the following domains:
Along with the (ISC)2 Certified Information Systems Security Professional (CISSP) certification, discussed later in this chapter, Global Information Assurance Certification, or GIAC certifications are among the most widely known and respected security industry certifications today. The SANS (SysAdmin, Audit, Networking, and Security) Institute Global Information Assurance Certification (GIAC) program validates the skills and knowledge of security professionals, practitioners, and developers through nearly 30 certifications, which are grouped into the following categories:
The GSE is the most prestigious certification in the GIAC family. To earn the GSE, you must successfully complete a 75-question, three-hour exam, followed by a two-day lab exam. Prerequisites include the GSEC, GCIH, and GCIA certifications.
Most GIAC certifications correspond to SANS Institute training courses. However, attending a SANS course is not required to earn GIAC certification. SANS GIAC recommends a minimum of 55 hours of study (in addition to any formal training courses) to prepare for a GIAC certification exam.
As if these certifications weren't enough, other certifications can help you professionally in the networking space. Some of these specializations include the following: