This feature first appeared in the Winter 2018 issue of Certification Magazine. Click here to get your own print or digital copy.
I recently hit a major career milestone: 20 years of working in and around the IT field. As I reflect on that time, it occurs to me that I’ve held a wide variety of IT certifications during those two decades and they’ve played important roles as I’ve moved through different stages of my career.
Allow me a moment to rattle off the list of certifications that I’ve held at one time or another, if only to offer you some perspective on my career path. I’ll explain more about the twists and turns that my career has taken in a moment, but those of you who have been around the industry a while can probably get a sense of it just from analyzing this alphabet soup of certifications, in the order in which I earned them:
1) MCP, 2) MCSE (NT 4.0), 3) MCDBA, 4) MCSE (2000), 5) CCNA, 6) TICSA, 7) CCSP, 8) CISSP, 9) CISA, 10) GCFW, 11) PMP, 12) Security+, 13) CSA+ Can you pick out the path through all of those acronyms? Allow me to express it in terms of four general phases in my career:
Technology Foundation > Security Specialization > IT Leadership > Author and Educator
Allow me to walk you through each of these phases in the hopes that you can learn from my experiences, wherever you are in your career.
Building the foundation
When I first embarked upon my IT journey, I was like many young professionals. I thought I knew everything but, in reality, knew very little. This hit me hard when I started working with a team of talented professionals at the National Security Agency. I found myself surrounded by some of the world’s best minds in computer science, cybersecurity, networking, and mathematics. The most important thing I learned from them is how much there is to learn!
Fortunately, I was in an environment with a culture of learning. The NSA has one of the nation’s largest technical workforces, and they committed significant resources to many different types of technical training programs. I quickly latched on to a library of IT training courses they offered to all employees and simply started taking courses in everything that people around me discussed that I didn’t understand.
I used that library to build a base of practical IT skills, ranging from Windows administration to databases and networking. Those courses helped me round out the very Linux-focused skills that I had picked up in my undergraduate degree program.
As I look back at that time in my career, I am thankful that the team around me guided me in the direction of general technical knowledge, rather than deepening my cybersecurity skills off the bat. Sure, I was working in security, but 20 years later, I still find myself drawing upon that reserve of foundational IT skills to inform my work.
The IT training library that I used during this phase in my career is long gone, but there are others out there that offer even greater opportunities to today’s developing technology professional. Two that I would particularly recommend are Lynda.com and DataCamp.
Lynda.com offers a tremendous breadth of content, releasing dozens of new courses every day. (Full disclosure: I’ve created many of those courses.) DataCamp, on the other hand, is focused on the realm of data science and analytics, offering a hands-on programming environment. I use it with my own students to help them gain the foundational skills they need before moving on to more advanced material.
Focusing and specializing
After spending four years working with the fantastic team at NSA, I moved to a private consulting firm based out of Miami, where I had the opportunity to work with quite a few fascinating clients. I spent five years there before accepting a position managing the cybersecurity program at the University of Notre Dame. Both were wonderful opportunities and afforded me the ability to continue developing my professional skills.
I used this period of about a decade to develop the specialization in cybersecurity that began while I was with the NSA. I earned several security-related certifications, including the credential that I consider the most important one that I’ve held in my career: the Certified Information Systems Security Professional (CISSP) certification.
The CISSP has a high barrier to entry: you must demonstrate five years of full-time cybersecurity work experience in addition to passing an exam. Earning the CISSP is therefore a ticket to credibility in many corners of the security profession. I think of it as the cybersecurity equivalent of an accountant earning a CPA, or an attorney passing the bar exam. It demonstrates a long-term commitment to the field and a willingness to absorb a breadth of knowledge outside of one’s specific work experience.
Moving to management
In the third phase of my career, I transitioned into leadership roles of increasing responsibility in the IT world, leading teams that became more and more diverse in terms of their own skillsets, experiences, and responsibilities.
This was a difficult transition for me. I had to learn to let go and recognize that not only would it be impossible for me to become a subject matter expert in every discipline in my portfolio, but also that I would spend much of my time in meetings rather than doing what my inner engineer considered “real work.”
I did pick up a few certifications during this period in my career, but certifications honestly weren’t a focus for me at that stage of my professional development. Instead, I dove into developing my leadership skills and helping my teams grow and flourish.
Giving back to the profession
Many of you may know me best through the books and courses that I’ve authored in the cybersecurity certification space. While I’m describing this as the fourth stage of my career, it’s actually been a background theme throughout my journey. I’ve been writing and teaching in this field since publishing my first book 17 years ago and it’s been very professionally rewarding.
The reason that I list this phase last is that it answers a question that some of you may have been asking after looking at the chronological list of certifications that I used to open this story. Why would someone with two decades of experience go back and earn credentials like the Security+ and CSA+ certifications?
That’s a reasonable question and you’re correct that I didn’t do it for career advancement purposes. I took those exams because I was developing books and courses focused on those certifications and I won’t write a book or teach a course unless I’ve earned the certification myself.
Thanks for humoring me through this exploration of my own career journey. I hope that, in reading it, you’ve found some useful nuggets that might help you in your own career. I welcome your feedback and invite you to visit my website at CertMike.com.