This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark certification - any value?

0

Anyone have the Wireshark certification? What are the benefits to having it - do you think employers put any stock into it?

asked 04 Nov '10, 05:17

salander2


7 Answers:

2

As a hiring manager, I can tell you that I always hire the person with more experience. However, if I have two equal candidates (equal in presentation skills etc.) I choose the one with more certification. I have just about all the certifications that exist in IT (CCIE, Novell, Microsoft, Sniffer, and even CNX). I got them because it helped my reseller and not necessarily because it helped me. The only one that I really studied for and was proud of was my CCIE.

To me, experience always trumps certification. But experience with certification is better! Also, if it can get you past the HR gatekeepers, it may be worth it. In larger enterprises, there is an army of HR people who screen candidates based solely on key words.

I once told someone "just because you've been doing it for 10 years doesn't mean you've been doing it right!" So I realize longevity doesn't always equal experience. As a manager, you have to be able to separate the "phonies" from a real candidate.

A real technical interview and a weed-out written test is the only way to do this, IMHO.

Good luck!

answered 04 Nov '10, 17:53

hansangb

1

As a professional, I have had to pass some certification exams for the companies that I worked for. Personally I see a few reasons for certification:

  • When working for a distributor/reseller, the Vendors demand certain levels of certification before doing business or before giving discounts. So basically this means your employer needs you to certify. Having the certificates can help to get a job at these companies.
  • When you want to be an instructor for a certain vendor, you also need certification.
  • As Hansang already pointed out, there is a large HR-force at the gate of each big company that needs to sift through lots of applications. They have received some keywords (of which certification levels are often a big part) to filter on. Of course some good guy might be filtered out, but if there are enough people "Good Enough", then losing a better guy does not weigh against making the hiring process more efficient. So to mitigate this barrier, make sure you have the requested certifications for the jobs you'd like to have.

To me, experience is more important. I have done my share of interviewing people and I don't care about their certifications. I had a CCNP certified guy who could not tell me what a 3-way handshake was. I like to draw a network and try to stretch it until the interviewee needs to leave his comfort zone. It's at that point that you get to see how someone handles the inevitable situation of having to improvise. Will he isolate himself to dig into books/labs/internet, will he turn to colleagues to work together, will he just tell his manager it is over his head or will he silently fail to address the issue. None of them are bad, but it needs to match the culture of the company, otherwise it will turn bad...

As for Wireshark certification. At the moment, I don't think there is a demand from companies, but that might change in the future as I do believe Wireshark skills will become more and more important.

answered 06 Nov '10, 03:55

SYN-bit ♦♦

1

Now that I re-read my post, it does look like I'm against certification. This is not the case; I do think certification is a good way of identifying the skills people (may) have. But it needs to be handled with care.

For most certifications there are braindumps available, making it easy for people to pass even though they have little knowledge on the subject. And many people who do have knowledge don't have the certification.

(07 Nov '10, 01:59) SYN-bit ♦♦

You may have run into an issue with jargon. I had to look up what a "3-way handshake" was, yet I certainly know the syn-ack process....

(17 Mar '14, 09:21) Gr1pp717

True, but I know @Sake, and I'm pretty sure the next question (after realizing the "3-way handshake" was unknown) was "how is a TCP session initiated" (which I would have asked, as well, because it is the same question in other words) ;-)

Anyway, being able to configure network devices doesn't mean that the candidate actually knows what packets really look like. I've met lots of guys who could almost configure routers faster than I could explain what I needed, but had no clue about TCP other than that it transports stuff with some sort of guaranteed arrival. Which is not enough when it comes to troubleshooting end-to-end problems.

(17 Mar '14, 09:47) Jasper ♦♦

I think the transport layer is a bit of a no-man's land sometimes. Network admins think of L1-3, system admins are concerned with the OS environment, and application admins are concerned with the applications.

TCP just ends up being neglected, and knowing the Cisco curriculum as I do it's not surprising to me that we do have a lot of CCxx's out there who don't understand the handshake concept, or admins and managers alike who undervalue protocol analysis or don't see it as the most systematic approach to troubleshooting. They come from a background where you are supposed to know the right 'show' command or debug option, and a world where you are supposed to be proficient in managing the router itself, so the culture is to treat any calls for a packet capture as a bit of a cop-out or a crutch. For me, when I moved to the mobile sector it was a huge paradigm shift in this respect, and whatever else I might say about mobile it's an industry that well-understands and respects the details in a byte.

(17 Mar '14, 21:05) Quadratic

1

For the question at hand I think the WCNA has a pretty uphill battle on a few fronts:

  • Branding is a problem. If it is to be the definitive Wireshark credential it should exist off of wireshark.org and not confuse people over half a dozen different websites. Leverage the credibility of the wireshark.org domain.

  • It needs to realize that credit hours or exam renewal is the most that anyone asks of people for recertification in this industry. By demanding both, and annually in the case of credit hours, they lose a big audience. Certification upkeep is a big deal when you carry them for half a dozen vendors, and people who have at least that many are basically the whole market for WCNA. It's not going to be a first certification for very many people at this stage, since it doesn't have the sheer employability power of the CCNA. I can sleep through that exam and I deal with packets every day but I'm seriously considering scrapping this credential just because the overhead burden is more than all seven of my Cisco certs combined.

  • I don't know enough of the business side of it to speak to this, but bringing the cost down is a priority if it's at all possible. It doesn't faze me but a lot of people young in the industry won't consider it for the price tag.

  • It needs to make the curriculum open-source. I know trainers deserve their pay and I'd never argue against that, but I think WCNA can learn from Juniper here in their efforts to take market share from the king by publishing all their course books in PDF form right off the website along with 'fast track' video courses and "Junos as a second language", designed specifically to recruit from Cisco's base.

  • One of the biggest criticisms I have heard of the curriculum from colleagues is that it equates telephony with enterprise VoIP and therefore doesn't apply to the telecom or mobile sectors. A few references to even the base GUI tools available for telecom and mobile signaling, or maybe more coverage of the CLI tools and some shell-wrapping possibilities which are universally useful to just about anybody using the tool (few in telecom use the GUI exclusively, and none of the good ones), would be a huge move in the right direction there.

For the question of whether I'd recommend getting it, or whether it's worth it, right now I would recommend it only for people who are looking for value-adds on top of existing certs. I got it because the cost isn't really a factor and because it's a topic I didn't need to study for, but if the goal is a job you have slim odds of this being noticed right now, and certainly not over the mainstream stuff. For adding this type of skill set, you'd be far better off adding some good case studies to your portfolio or adding a reference of Wireshark experience to the resume or cover letter if it's a job that you really think it would make a difference for.

answered 17 Mar '14, 21:17

Quadratic

0

Ok... I just have to jump in here and mention a few items.

We are receiving calls from companies who would like to "hire WCNAs" to analyze their traffic. We hope to pass those opportunities on to the WCNA team.

The goal of the certification is to test proficiency in Wireshark. Can you identify issues in a TCP handshake? Can you spot the problem in a slow browsing session? Can you define where high latency is stinking up network performance? Can you locate unusual traffic patterns that indicate a recon or breach is underway? The 33 objectives are defined in the Info Pack document at www.wiresharktraining.com/certfication - I recommend you look through those - they are on the last pages of that document.

It is not a replacement for experience. I also value experience above any certification. It is, however, a way to demonstrate that you have a certain level of competency and capability. When an employer asks about network troubleshooting/security skills, knowing Wireshark functionality, TCP/IP communications, packet-level troubleshooting and communications analysis for security purposes is key.

Wireshark is key. That is the goal of the cert program. If you have any questions, let me know.

answered 06 Nov '10, 19:45

lchappell ♦

Oh, whoops - forgot to mention the Wireshark Certified Network Analyst exam is DoD 8570 approved.

(06 Nov '10, 19:45) lchappell ♦

Hi Laura, it's good to hear that companies start to request WCNA certified people. It's always a chicken and egg situation interleaved with supply and demand dynamics. If there are not many certified people, companies will not ask for the certification and if there are no companies asking for it, fewer people will certify.

So it's good that the demand for WCNA people is increasing so that more people feel compelled to certify. How many people are certified at the moment (a rough figure)?

(07 Nov '10, 01:55) SYN-bit ♦♦

Sake, we're not giving out numbers yet as everything is new.

(08 Nov '10, 17:31) lchappell ♦

0

This employer does. I would rather hire someone that has shown some initiative. I challenge all my employees to improve their skill sets. I myself just passed the WCNA a few weeks ago and I haven't stopped studying yet. I take it seriously so my people do. I have admins and engineers that have worked for me over 11 years that I continue to challenge on a regular basis. I meet with each member of the dept regularly to discuss their desired career path. When I hire someone, I invest a lot of time in them. I prefer people that may not have a lot of experience but are motivated and want to learn. If they have a lot of experience but don't have any certifications, it tells me that they are more interested in a paycheck than a career.

answered 29 Nov '10, 21:06

golson

0

I would like to get the certification and have mentioned it to a couple of people. One is a close friend that I have worked with for several years and the other was my primary employer. The response from both of them is "why?". I believe that the use of Wireshark and the Wireshark materials allow you to learn more about how things "really" work than any other program out there. To the credit of those two people questioning me, I've not had or seen many people requesting it as an employment or contract prerequisite. However, I think those that are more see the value of protocol analysis.

I think over time hiring managers will start to realize that these individuals are the ones who can really see what is going on and can often fix problems exponentially quicker. I guess at this point, it is a personal challenge as opposed to getting it to get a job. I just really enjoy looking at things from the wire perspective and Wireshark is a great way to do it.

answered 06 Dec '10, 10:55

Paul Stewart

2

One of my guys said this the other day (after correcting some mistakes - in pkt analysis - made by others). Protocol analysis is like chess. A lot of people know how to play it, but very few are good at it! :)

(06 Dec '10, 19:59) hansangb

Well said :)

(08 Dec '10, 01:34) Jasper ♦♦

0

The thing I like about Wireshark is it's cross-platform. The analysis techniques and tools you learn with Wireshark can be used on any network. I have others also, but use this one the most.

answered 12 Dec '15, 14:36

John_Modlin