Thoughts on Certs vs Degrees

Well. I didn’t really want to write this one, at least right now. I was writing another post about transitioning from Helpdesk to Security, and realized I was recommending certification content and figured I would toss my hat in the fray now on my opinions of this endlessly debated topic.

Well? What do you recommend?

Well, that varies. There are many considerations that need to be kept in mind when it comes to giving a recommendation. How much time do you have for training? How are you planning on funding your training? Are you wiling to take on debts? What level of training do you currently have? What are you trying to get out of your training? While training, do you have any obligations you would have to leave on the table? If so, how long can you do it?

If you have no experience in IT, maybe you are a secondary school student, or maybe you are a working professional who wants to transition careers. Then, a degree may speak to you. It’s well documented that degree holders generally have a more favorable economic outlook into the future, and that their quality of life tends to look better as an aggregate. That being said, the academic process is not for everybody and if it’s not for you, that is okay. You do not have to have a degree to be successful in IT. If anyone tells you otherwise, they are probably trying to sell you something, or are gatekeeping behind some stupid idea that people without degrees are not up to the task. It’s pure nonsense. In fact, I know some degree holders who are doing nothing related to what they went to school in, and others who have been jobless after graduating and in mountains of debt. It’s not a silver bullet.

What do you have?

I have 2 degrees, a Bachelor’s in Cybersecurity and an Associates in Computer Networking. The most important thing that having a degree teaches you is how to teach yourself new things, and gives you a strong network that you can keep into your professional life. After my 1st semester at the university, I didn’t really learn anything in the classroom. Part of that is the program I was in is absolutely garbage. The other part of it was that I was working at a Helpdesk, and I was in a Cyber Defense Competition team so I did most of my learning through these avenues. During my studies for the Associates degree, the program I was in was heavily structured through Cisco NetAcad, and the program was designed for working professionals who wanted practical experience to make a transition out of their current careers and into a career in IT.

The program directly set us up for training for (Now older versions of) Cisco CCENT, Cisco CCNA Routing and Switching, CompTIA A+, CompTIA Network+ (If you didn't want the Cisco certs I guess), and Microsoft MCSA. As electives I could take classes that prepared for Cisco CCNA Security, CompTIA Security+, and LFCS. At the University, I didn’t end up with any of my classes mapping to anything as part of an industry recognized certification. That did not stop me from getting certified though.

I obtained my (now expired) CompTIA A+ while I was still in Community College, my (also expired) Cisco CCNA Routing and Switching after graduating community college while I was working at the university. Shortly after graduating from university, I obtained AWS Cloud Practitioner and then AWS Security Specialty 16 days after getting Cloud Practitioner. In February of this year, I obtained my CRTO.

Why did you do all of that?

My point is that I have both and firmly believe that if you can get both, that is what you should do. Train for the job you want by getting certifications that are relevant. HOWEVER, with professional development I am super goal oriented and certs allow me a nice and clean cut off for when I know I have achieved my goal. It’s what works for me. In my circumstances, I believe getting the degrees and certifications was worth every penny. I would not have the life I have now without the degrees. Academically I feel that I could have just taken the $25,000 I spent on the Bachelors and piled it up and set it on fire, and it would probably have been a better use of my money. However, there are an innumerable number of side effects that made it worthwhile for me. I would not have gotten a chance to do the cyber defense competitions, met some of my closest friends who have taught me so much, gotten 2 internships, which turned into job that I like at a company that I like, and set me up for a successful career. I am sure there are other knock-on effects that I haven't considered or realized yet. None of these would be possible without those damn shiny pieces of paper. But again, my way is not the only way!

If you are less goal oriented, can’t spend the money on post-secondary education, certification exams or classes, or just think that it is a waste of time, then there are other ways to develop. Writing a blog, doing CTFs, home labbing, attending free webinars, mentorships; there are so many ways to continue to grow without having to get certifications and degrees. Ultimately, go with your gut. Don’t listen to those who say “My way is the only way”. Its garbage.