Good overview article, and I don't see a problem with listing certs/degrees/year of exp. IT Security is becoming a more mature career field, and as such it will have certain hurdles to clear to work in it. Certifications are one measure of basic knowledge, not a complete solution. But who is going to hire someone with no degree, no certs, in the corporate world? Remember we're talking about security professionals - not just intrusion testers that can work out of their house and have managers shielding them from their clients. And articles like this are also necessary - so you can show upper management that someone agrees with what you might already know and already be saying. If you don't realize that, then you are probably at the bottom of the pile and don't even realize management is ignoring you.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/infocus/1904/1355#1355