Peter Stephenson, an IT security consultant, says he wouldn't bother getting a security certification unless it helped feed his family. In his case, it did.

Some security professionals have begun to question the value of their most highly-valued certifications, as more and more people pass those tests, said Stephenson, a consultant at Eastern Michigan University's Center for Regional and National Security, during a presentation at the Computer Security Institute's (CSI) Computer Security Conference and Exhibition in Washington, D.C.

Many employers, however, still look for those little certification letters on resumes as a way to screen applicants, he said.

Stephenson, a security manager and computer forensics investigator for close to 20 years, didn't pay attention to certifications until 2002, when he was laid off from a job. He then decided to seek certifications because headhunters weren't calling, even with his years of experience. At one point after taking the Certified Information Systems Security Professional (CISSP) certification in 2002, he posted two versions of his resume on the Internet, one with the CISSP certification listed and one without. The CISSP resume generated several calls from employers, the second resume, even with all his experience listed, generated no calls, he said.

Even though the certificates were helpful in his case, Stephenson said, professionals do have legitimate concerns about them.

"This is a veritable soup of training and certification opportunities, many of which are ill defined, except for the part about the price," Stephenson said. "The problem is the certification companies have turned it into such a money grab that the credibility of some of these certifications are starting to slip."

A representative of CISSP vendor International Information Systems Security Certification Consortium  wasn't immediately available for a comment on Stephenson's talk, but the Computing Technology Industry Association (CompTIA), which offers the Security+ certification, defended certifications as a way for hiring managers to evaluate employees. CompTIA often hears stories from IT workers who say certification have helped advance their careers, said Gene Salois, vice president of certification at CompTIA.

The IDG News Service is a Network World affiliate.