Last month, I wrote a Leading Edge blog post regarding security certifications and their value. The post, titled\u00a0Is there a disconnect between demand for security jobs and certifications?\u00a0has sparked a lot of conversation from folks on both sides of the issue of certification value these days.\tFrom the comments section, it\u2019s clear many people think certifications hold a lot of weight and value in the job search. Still, others argue\u00a0certs\u00a0are meaningless, especially after obtaining a certain level of actual on-the-job experience.\u00a0 In fact, one\u00a0commenter\u00a0noted \u201cI'll take someone who has "down-in-the-trenches" experience over someone with just a few\u00a0certs\u00a0any day!\u201d\tIn one of our feature stories on\u00a0CSOonline\u00a0this month, contributor Lauren Gibbons Paul poses the question:\u00a0How valuable are security certifications today?\tIn the piece, we hear from Jerry Irvine, CIO of IT consulting firm Prescient Solutions and member of the National Cyber Security Task Force.\u00a0 Irvine holds more than 20 IT certifications, of which at least six are specifically information security-oriented and is is a strong believer in the notion that the value of certifications in general and security certifications in particular shows up in your wallet.\tOn the other hand, we also hear from Chris\u00a0Brenton, an instructor at the SANS Institute and director of information security for\u00a0CloudPassage, a cloud security provider.\u00a0Brenton\u00a0has been delivering certification training for quite a few years but does not hold any\u00a0certs\u00a0himself. As someone who oversees hiring security professionals for his company,\u00a0Brenton\u00a0looks for experience beyond certification that show the job candidate has practical skills.\t"If the candidate has an active blog or has written a book about security, that tells me more about their expertise than just looking at their resume with certifications," he says.\tToday I received a email from Paul\u00a0Hugenberg,\u00a0CISO\u00a0with First Place Bank based in Warren, OH, continuing the conversation on this issue.\tHugenberg\u00a0wrote:\t\u201cWhile you don\u2019t see it on my signature, I am a CPA,\u00a0CITP,\u00a0CISA,\u00a0CISSP\u00a0and\u00a0CRISC, and each for various reasons. I would make the argument that your career is best served by your ability to not only take advantage of opportunities but to also give yourself the opportunity in the first place.\u00a0 To state that certifications are no longer worthy is like stating a bachelors degree or post graduate degree is no longer worthy because \u201cexperience\u201d trumps the rest.\u00a0 Unfortunately, that certification [and that diploma] provide for opportunities that would not be available otherwise.\u00a0 I often hear of the value or the non-value based on whether the commentator has a cert (actually sat for it rather than grandfathered for it). Those who don\u2019t or just filled out a sheet of paper for\u00a0grandfathering, certainly have less appreciation for its value than those that studied and sat through a test.\tThe\u00a0bad\u00a0thing about certifications is that they themselves become outdated.\u00a0 Do you find it at all ironic that in an industry whose primary\u00a0KPI\u00a0\u2018s include legacy systems and refresh rates, will allow a 2012\u00a0CISSP\u00a0and a legacy 2007\u00a0CISSP\u00a0to be comparable candidates?\tPaul makes excellent points and calls out another issue in this discussion that other\u00a0commenters\u00a0have also noted. What about the certification system itself? Is it outdated? Do the tests still reflect a real-world level of knowledge for security professionals? I\u2019ve heard from many who claim they do not.\u00a0 However, as soon as I post this, I predict I will quickly hear from those in charge of administering the tests for the various certifications available who will be more than happy to make the case that they are still relevant. I, of course, welcome their thoughts.