To Certify or not to Certify?

What is a certification?  According to Wikipedia (and yes I hate using Wikipedia as a source but the dictionary definition is just plain stupid) certification “refers to the confirmation of certain characteristics of an object, person, or organization. This confirmation is often, but not always, provided by some form of external review, education, assessment, or audit.”  The Army has dealt in certifications for decades, if not from its inception.  A tank crew gets certified when it goes through it’s table 8 qualification.  A Soldier gets certified when they take and pass their APFT.  My daughter got certified recently to babysit here on post.  All of these are certifications (and there are countless more) but each certification has a different meaning and standing within the community.

Within the information technology field, there are a countless number of certifications available for people to receive.  Some have little standing within the industry as a whole while others have become the standard.  While a table 8 or APFT certification is pretty important within the Army, it has little if any meaning outside of it.  On the other hand an industry standard certification such as the Cisco Certified Network Associate (CCNA) or Microsoft Certified Solutions Expert (MCSE) has a fair bit of meaning outside of the military but is of comparatively less value within the Army.

So while we have very little choice when it comes to us getting “Army” certifications (I would love to say screw taking another APFT but unfortunately Uncle Sam won’t let me) we have a lot of leeway within industry certifications.  So the question is, is it worth it?

Certification_Cartoon

Required Certifications

When I came into the Army in 1999 getting a professional certification was not particularly common within the signal corps.  We operated with Mobile Subscriber Equipment (MSE) which was all specially made military equipment.  There was little if any integration of civilian equipment within it so there was no reason to have a certification.

As time progressed civilian networking technology became more and more integrated into tactical signal until we reached the point of the JNN appearing on the battlefield in Iraq where suddenly tactical signal and civilian networking were the same.  Today we have a shelter full of Cisco routers and switches providing the backbone of our tactical network.  Inside the tent is a stack of servers running Microsoft Server providing us with SharePoint, Exchange, and many other enterprise type services.  As this occurred, the need to understand more and more advanced networking concepts increased but the requirement to actually get certified on any of these concepts is still fairly rare.

DOD 8570

In December 2005 the Department of Defense released DOD 8570.01-M which formally required DOD employees (remember you’re a DOD employee) who have privileged access to information systems/networks and fill certain information assurance related roles to achieve a certain level of industry-recognized certification.  When this was first pushed out, it was primarily the NECs who worked to implement this by requiring that Soldiers within the unit who would have admin responsibilities (primarily your 25Bs) had to get a Security+ certification (although in Feb 2014) it was announced that the Cisco CCNA Security would now be accepted to meet these requirements).  While the requirement was pretty successful on the garrison side, it has been much less so on the tactical side.  For garrison operations units only needed to get one maybe two Soldiers certified, for tactical that number goes up significantly to include pretty much every signal Soldier and officer.

Initially, there were problems with funding Soldiers first getting the training and then paying for the certification.  While many of these problems have been solved, it is not perfect and as a whole, the Army is still not anywhere near where it should be in order to actually meet the requirements laid out in 5870.  Once Soldiers receive their certifications, there are still problems keeping them certified either through retesting or continuing education.

255S

In 2012 the Army began to address the need for a warrant officer who was focused on information assurance.  They did this with the creation of the 255S Cyberspace Defense Technician.  While the creation of the 255S MOS did a number of things, one of them was the requirement that any warrant officer applying for the MOS (not obtaining the MOS) must hold an information assurance technical III.  This is normally done by receiving the CISSP certification.  Again, because this is a requirement to apply, not maintain the MOS Soldiers are often forced to get training and test for the certification on their own.  There are testing vouchers available for this exam through the Army but in my experience they are hard to come by.  In earlier this year there was an exception in place by the Signal Center waiving the requirement for the CISSP certification due to a lack of Soldiers actually applying for the position.   Check with the signal center proponent to find out if this exception is still in place

Story Time

When I was but a young wobbly one going through the basic course at Fort Gordon I, like the other 11 members of my class, all took and passed the CCNA examination and became “certified”.  For those of you who may or may not be familiar with the Cisco certifications, they are good for 3 years at which time I can either take another associate level exam (there are a few of them), take a professional level exam (again there are a few of them), or let it expire.  In 2009 when my certification was getting ready to expire, I was in Iraq and just never got around to taking any of the exams and so my certification expired.

When I got home, I played with the idea of going and taking the test again to get my certification back but at the time I sat there and thought “Why?”  Me having my Cisco certification wasn’t a requirement, it didn’t get me any extra money, it wasn’t going to get me promoted to a higher position, and at the time the Army had no way to even know if I had the stupid thing (I am told that it can show up on your ORB now but I still haven’t confirmed that).  So rather than spending the $350 and driving to Kansas City to take the test, instead spent the money on beer.
Cisco CCNA LogoFast-forward a couple of years to when I was stationed in Colorado Springs.  I answered an ad on Craigslist for someone looking for a CCNA in Denver to help with a small project.  My certification was still expired, but I wrote the lady anyway, told her my story, and got picked up for the job.  The job actually ended up being a relatively large project helping a networking company overall a financial company’s corporate network.  It was a project that went off and on for about a year and since most of the work was after business hours it worked out great and I made a fair bit of money doing it.  But still, I think that this is the rare exception for most people in the military.

Fast-forward again to about a year ago.  I am getting to the point where I am starting to plan my retirement (I’m currently 4.5 years out) and I established the goal of at least having my Cisco Certified Network Professional (CCNP) prior to getting out.  The first step to that is getting my CCNA again.  I scheduled a test, went and took it, and failed by 25 points.  Now in fairness, I was horribly sick, but at the same time, I wasn’t prepared.  I figured it would be pretty easy like it was last time.  I didn’t realize that they had changed the format a little bit and made it significantly harder (frame-relay and IPV6 killed me).  Now I am busy studying up so I don’t blow another $350 so I can get my CCNA and start to working on my CCNP.

Moral of the Story

So back to the point of this post….is getting (and keeping) your certifications worthwhile while you’re in the Army?  Hindsight being what it is, I would say probably.  In my case, keeping my CCNA would have been worth it.  The side work I did in CO more than paid for what it would have cost me to renew my certificate twice since I got it originally.  Yes, I got the work without it, but I could have just as easily not gotten it.

Keeping our certifications current forces us to keep current on our respective skills and changes in our area of focus.  It pushes us to strive for the next level of certification which in turn pushes us to expand our knowledge base beyond what it is currently and into the next level.  Additionally as most people know it is much easier to keep what we already have achieved instead of having to start all over again.

Another important thing to remember when it comes to maintaining our certifications is that one day each of us will put away our boots and say “see ya” to the Army.  For some of us we will see that day coming a fair way away either due to retirement or just deciding that it is our time to go.  In other cases our exit may be a little bit less foreseeable due to injury, lack of advancement, or a number of other reasons (The Army is definitely getting smaller and just because you’re safe today doesn’t mean you’ll be safe tomorrow).  While getting an industry certification should by no means be our primary goal, I think it is an important one to keep and achieve in the long run.

23 Responses to “To Certify or not to Certify?”

  1. Ian Mains

    Great post. While many despise it, 8570 isn’t going anywhere. Doing Regional IA duties in the ‘Stan recently, I can’t tell you how many “admins” came into theater without any kind of baseline certification. If you are reading this, dig into what certs your admins have. Technically, they shouldn’t be administering anything without a baseline certification. As you said, certs are great, but hands-on experience (in my opinion) is even better, and preferably someone has both. Looking at the 255S aspect of things, I have a mountain of certs, some of which I would have to do some serious soul searching if called upon to do (forensics anyone?) just because I don’t do them on a regular basis (ever). If I’m correct the 255S waiver is still in place, but I don’t work at SigCOE so that’s just what I’ve most recently “heard”.

  2. Andre Brown

    Awesome story Chief!!!! As a Technical Recruiting Manager staffing the Middle East, I can tell you that certifications mean everything if the plan is to work in a enterprise environment. The only way to get near the door is to have them. I have many individuals who apply that has heavy experience but lack the certifications for baseline and/or CE and unfortunately, they cannot be offered a job. The DOD 8570 standard is real so I highly recommend getting and keeping the certifications current.

  3. Jon Stanley

    8570 is important for the DOD, but the one line that gets skipped by units is to be trained and/or certified on the systems that elevated privileges are granted on. Sure you have securiry+ but do you know anything about Windows, servers, VMWARE, Cisco, juniper, etc. This is something that should be included when discussing what to spend training dollars on. Also do not forget about CPE requirements, giving classes and attending security and professional related conferences should ‘ve advocated when possible, especially those holding CISSP type certification. In short training never stops at any level, as technicians we need to be involved in these discussions. This will not only help our soldiers and ourselves but those who follow after.

    • Ian Mains

      Jon, the Computing Environment certification should address your concern, i.e., if I admin network devices, I should have something from Cisco, Windows servers/workstations something from Microsoft. Also, if done right, the rights you get should be filtered to what you need to do the job. There are a multitude of spots online to find sustainment training such as LandWarNet eUniversity, FedVTE, and many others. When I was in the dirt, USFOR-A had modified the CE requirements to any online type classes due to the lack of availability of classes and the difficulty of getting some soldiers to big bases. You are right though, the train never stops. By the way, anyone got CISSP tokens?

  4. Da Bisco

    For any aspiring penetration testers, I highly recommend the OSCP course. The CEH is a joke compared to it. Security addicts, check it out. You won’t regret it. Worth every penny.

  5. Sean Reney

    I too let my CCNA lapse, however this hasn’t particularly kept me from getting job offers in the IT field that say they require a CCNP, BA or “equivalent experience.” However, the lack of certifications could be the reason why the offers were lower than I was willing to accept.

  6. Daniel Feldman Jr

    The baseline certifications do not provide the skillset required for our jobs. Not even close. To not have them is a mystery as our Soldiers should be performing at a skill level that is much higher than that required to attain the baseline certifications. The Army has made it too easy. Even the CE certs don’t have to be obtained and can be replaced with ‘equivalent’ training which translates to skillport. However, (and I know I’m going to receive flak for this) we can’t complain about the Soldiers when we don’t even require CCNA for our 255N to cross over, which is the minimum that should be needed for consideration. Sure, when supplemented with CECOM and GD support a 255N can get by without having even the skillset required for CCNA, but this should not be. We require college credits for English but not a CCNA for our Warrants? And then laughably we give them the answers to the Cisco Academy tests in WOBC when they fail and move them on to be a Brigade and above network ‘expert’. We have set ourselves up for failure, and I’m hoping that with IaaDS, the civilian reduction, and increased focus on training that this tide will sway to a more favorable position.

  7. Jon Stanley

    Yes, that is what I was talking about. I do avail myself to those training sites and make sure others know about them, but at times outside training is required even if it is still online. Tech moves faster than our free training sites can keep up with, especially when concerning the computing environment.

  8. Chief Troy

    Daniel Feldman Jr I would argue that when it comes to getting the certs in order to do the job (talking Cisco and Microsoft specifically) just because I have the cert doesn’t mean I can do the job and just because I can do the job doesn’t mean I can get the cert. As a brand new wobbly one inside a BCT, you’ll be exposed to and expected to be able to accomplish tasks that cross both CCNA and CCPN (DMVPN comes to mind) and while I haven’t looked at it, there is probably a CCIE task or two in there too somewhere. Likewise even as a Division or probably Corps Net Tech, will you ever touch frame relay which you need just to pass CCNA? Being one doesn’t mean that you’ll be successful at the other but it does give an good indication.

  9. Jon Stanley

    Daniel, that last time I looked CCCNA is highly recommended for 255N applicants. I think it should be required and the school house should be teaching CCNA-Security, voice, and wireless instead. WOBC should focus on above baseline training and WOAC should actually be advanced. We are more than just router and satcom AMEs. Every unit I have been to I have to expand my knowledge on systems such as NAS, SAS, VM and so on. It is very easy to pigeon hole ourselves and this can hurt us in the long run.

  10. Jon Stanley

    Troy, I agree having a cert doesn’t mean you are truly knowledgeable and vice versa. Frame relay kicked my butt going for my CCNA. I also agree that what we are required to do spans across the certification levels. Like you said it gives an indication of what concepts and task that should be known or at least have an understanding of.

  11. Daniel Feldman Jr

    Troy Ward and Jon Stanley. Completely agree. The context of the discussion though regarding ‘to get or not to get’ and the relevance of 8570 is the direction of the response. The CCNA is merely an example of identifying shortfalls in our skillset and requirements within the Army. Even then, if the argument is that CCNA still doesn’t cover what we need, then why don’t we require it as another baseline or CE milestone? Of course, from here, we can branch out into CCNA Security/Voice, Professional level and beyond, etc. In response to the context of the post, however, yes we should pursue certifications (the knowledge associated with them, and not just the paper) because the baselines are not enough. On the flip side, Troy as absolutely correct in stating that having the cert doesn’t mean we can do the job and vice versa. Just feel that the industry training model and associated sources are a great place to begin a good training plan to increase our skillset. Obviously, there are many different ways to ‘skin the potato’.

  12. Jon Stanley

    Understanding the training/cert requirements for yourself and your unit is important. Next piece is getting the unit to understand that this extends beyond 8570 baseline. The other piece comes afterwards and ensuring that what was learned can be applied so the unit can see the value added to footing the bill. Getting trained in CEH might be nice but is that value added for your unit.

  13. David E. Theriault

    Jon hit it right on the head. Sadly following many ICND, CCNA and MCSE boot camps we deployed and still found ourselves lacking in many Networking tasks: rendezvous points for multicast traffic, trunking, GRE tunnels, configuring call manager, adding phones, streaming video. I eventually put together aka designed a custom Advanced networking class mirrored on the Cisco pod concept and made each pod aka FOB their own independent network that had to tie into each other and stream FMV video, make phone calls, trunk etc.. The instructor I brought in was ecstatic that he didn’t have to teach the same ICND and CCNA classes again. The flash in the pan was the net result of the improved skills my AIS team had prior to that next deployment.

  14. Aaron Warner

    There is nothing like being able to hit someone in the head with your number right Quaid Jordan!?! #39102

  15. Quaid Jordan

    Having the certs is one thing and being able to apply the technology is another. I do a lot of technical interviews and there are so many paper qualified people out there but it is much harder finding a good experienced tech (speaking from the network side).

    Oh and Aaron Warner yes it is!!! #42893

  16. Ian Mains

    If I wasn’t comfortable talking it, I doubt I would highlight it on my resume. But then if that’s all you have and hoping to get your foot in some (any) door then…

  17. Quaid Jordan

    Yeah but with the need of filling seats sometimes the “qualified” are hired to prevent losing money. Unfortunately that is the way it is and yeah you guessed it…. the good techs get to pull all the weight.

  18. Anthony P. Lamont

    Daniel Feldman Jr while it is a lofty dream that with the reductions in civilian and IaaDS this will increase the focus on training. It may led to an increase of training for the 255N but what about the Soldiers that operate the JNN/CPNs. I have been flat out told no when I wanted to put together a class for my Signal Company or when I wanted to line up some training with CECOM. I have had to let them fall on their faces and still the lesson has not been learned by command. To quote many in the chain of command “Signal is NOT the mission.”

  19. Chief Troy

    Anthony P. Lamont that is a common thing we see here with units coming through on rotation. Normally by the end of the rotation (or at least most of them) the commander gets a much clearer picture of just how important signal is to him being able to fight. This is almost always true with Lower T/I but unfortunately only sometimes true when it comes to upper T/I. The same is true when it comes to IA. They often don’t get the point when they get SPAMed or have a virus pop up on one or two computers. What we tried recently though and found was very effective though was when the local “news” in the box did a story highlighting the Brigade battle plans that the OPFOR had handed over to them.

    • Nick Chadwick

      I am a wobbly one going good on CW2 in two weeks. I can speak to the change of WOBC versus what some have mentioned. CW4 Henry, now retired, updated the course to include all of what you mentioned during my class 01-13 of 255N. We did Cisco Call Manager, Security (needs updated, but I put it in the course comments), and some CCNP stuff like Standby, tunneling, and traffic shaping. Also took CISSP course and all got vouchers 8/11 passed, #454619, and many took the CCNA. I let mine expire and had it before the course, so bored having to take Cisco Academy again. So the point is the course is improving and changing based on input from the field. If you guus have input please let me know ow, my neighbor is the course manager. I work on Ft. Gordon and he owes me a lunch. I’ll be going to get my 6th cert, CEH, in two weeks, then back to CISCO to work on CCNA renewal. I paI’d o error $300 this year to maintain certificates, and had a token for the CISSP. It gets a little crazy. I work with BDE and various units all the time on different missions. Staying engaged and certified is challenging, but I think it’s worth it if you can show in the end that you have 15-20 experience and we’ll certified. CECOM was trying to hire me, but I still have another 15-20 of good work as a 255 or 117. Those certs make the civilian and contracting world look for you! I get offers all the time randomly just by having those certs on my online resume. Background is I used to be a DoD contractor at enterprise level and switched to AGR 255N for the uniform and pension.