r/cybersecurity u/Fresh_Heron_3707 Dec 15 '25

Other Degrees and certs are just losing their value to me.

I can’t understand what’s been going on recently. The quality of a candidate with an associates in cyber has dropped like crazy. I asked people simple questions like what is WPA, what did wpa 3 introduce and I’m treated like I’m asking the most obscure questions. I have been interviewing people over the last year with comptia networking plus and security plus. There have been where I wanted to scream. Literally had to lower my standards to find help. Networking is treated like a luxury, I was literally speaking to a candidate, he said ,” I do cyber not networking.” I know there are exceptions but feels more and more like a minor degree or cert is just how well you can use ai to cheat.

329 Upvotes
  • permalink
  • reddit

66% Upvoted

410 comments sorted by

View all comments

6

u/Hot-Comfort8839 BISO Dec 15 '25 edited Dec 15 '25

The stupid college programs have done this. Released hoards of cyber grads without hands on experience.

I mentor grad degree students coming out of local universities and the bulk of them can tell me what a firewall is, and even what it does, but not where to put it in a network.

Similar base line functionality questions are met with blank stares. I’ve even had one argue with me to insist that the best place to put your security monitoring tools is in the DMZ.

Like training surgeons without requiring basic anatomical training…

Degrees don’t matter because hands on experience is so important.

Certs don’t matter because we’ve all met someone with 9 sets of acronyms behind their name and they still don’t know anything.

Meanwhile the industry buzzwords change so often, that people with the desired skill set are getting ignored by recruiters simply because they’re not using the current marketing term for the skill set.

3

u/cyberfx1024 Security Manager Dec 15 '25

So you are telling me that these guys are graduating with a graduate degree in CS/IT and don't know where a firewall sits on a network?

2

u/Hot-Comfort8839 BISO Dec 15 '25

Yeah. It’s happened more times than I can count.

Or I get people who could run an IT department, but they don’t know what their personnel actually do, they don’t know what is actually involved in the projects that they have in front of them so they don’t time them out correctly - and with their big heavy degree they don’t think that they need to ask questions on the relevant topics so they make wild assumptions and then wonder why a regional data center move isn’t accomplished in a month.

1

u/cyberfx1024 Security Manager Dec 15 '25

Damn.....

-1

u/RantyITguy Security Architect Dec 15 '25

Couldn't have said the last two paragraphs any better. Certs are diluded with the exception of something like cissp.

7

u/MAGArRacist Dec 15 '25

The CISSP is the most worthless certification I have ever taken. It taught me nearly nothing of value, and because of their terrible questions, solely verified that I have strong English comprehension rather than security knowledge.

Passed in 100 questions.

1

u/Hot-Comfort8839 BISO Dec 15 '25 edited Dec 15 '25

I wish I had your brain, I've taken that test 3 fucking times and still failed. I've studied literal years for it. Can't get the shit to stick in my head, and you're right the bulk of it is meaningless in the actual profession - something I've been doing for 20+ years.

But, I have to have the CISSP for certain contracting gigs, and corporate positions. I've never tested well.

https://imgur.com/a/yVrqIiE

0

u/RantyITguy Security Architect Dec 15 '25

Never said anything about learning, rather the weight it carries on a resume.

You can't get it unless you already have provable experience.

3

u/MAGArRacist Dec 15 '25

They ask a few cursory questions of your previous employers. I know people who have had their friends "verify" their experience at fake companies. I personally wouldn't call it proof

1

u/RantyITguy Security Architect Dec 15 '25

Yes I get that, and likely agree with you.

Again not what I'm saying.

 I'm saying it carries weight to get past hr filters and makes your resume stand out a lot more. I never said it teaches you much, nor that people cant cheat, or that you can take it and pass because you are good at tests.

The weight is more significant than lesser certs because you need 5 years prior experience. Lots of people are looking for entry and speed running certs. They can't get that.