The value of security certifications

With more people entering the information security field, the value of certifications tend to decline. Are certifications still valuable, or are they simply a mandatory fulfillment for job employment?

Last 10 years I studied for many technical certifications within the field of IT, including Linux, storage, networking and several security certifications. Strangely enough I learned the most from the storage exam (SNIA). It was up-to-date, light weighted and gave a very good foundation to understand the way things are supposed to work. The security exams, including Security+, CCNA security, CISSP and CISA, gave me new insights, but not as much. Maybe since I was already hooked on the subject and studied many of its underlying concepts in the past.

Recently I’m wondering about the real value of certification. Is it still worth to invest many study hours, pass on interesting opportunities and ignore the spouse and kids?

Here are some pros and cons to consider:

Pros

  • There is always something to learn from study and the process of getting certified
  • Learning shows you still want to invest in your career and profession
  • Certification can be used as a baseline, to scare the fakers in the field

Cons

  • Some certifications are expensive
  • Certifications might be outdated and testing for ancient knowledge
  • It’s hard to calculate the real value of a certification (earn X more per month)

With these thoughts in mind, I would still think certification is worth doing. In my experience it’s great that you have a bachelor or master degree, but it’s the mindset and how you can apply (new) knowledge, what really counts.

Your thoughts are welcome in the comments (including additional pros and cons)!