Skip to main content
POST ATLAS
All perspectives
Perspective · Certifications

Certifications don't prove competence. They prove direction

The pro-cert and anti-cert camps are both wrong. Certs still matter, but only when you understand what they actually signal in 2026.

Published 27 May 2026·9 min read·By the POST editor, 20 yrs, helpdesk to security architect
Verdict

Certifications still matter, they just don't do what most people online claim they do. They prove direction more than competence, and confusing those two is usually where careers stall.

The conversation lives in extremes

Online, certifications are either useless paper or the entire career ladder. Neither survives a week on a real engineering team. The useful question isn't whether certs work. It's what they actually do, and that's where years quietly disappear into the wrong kind of study.

What a certification can do

A reasonable certification helps with HR filtering, gives some structure to early learning when the field is too broad to navigate by feel, and signals interest in a domain to someone who doesn't know you yet. It creates interview opportunities that wouldn't otherwise have surfaced, and it standardises baseline vocabulary so you can hold a conversation with someone senior without constantly having to ask what an acronym means. That's not nothing.

What it usually cannot do is replace operational depth. That distinction matters more now than it did five years ago because the market has moved.

The market changed quietly

A decade ago a cloud cert was unusual enough to differentiate you almost on its own, and a security certification implied genuine specialisation because relatively few people were chasing them. Now most candidates have watched the same roadmaps, learned the same acronyms, and been told by the same YouTube channels that cloud and cyber are entry-level gold rushes. The downstream effect is an oversupply of theoretical juniors trying to skip operational years.

That doesn't mean certifications stopped mattering. It means their role changed. A Security+ in 2016 and a Security+ in 2026 don't signal the same rarity, and the same is true of an AWS Associate or any "DevOps roadmap" completed in a weekend. Once a signal becomes common, the market recalibrates without telling anyone, and that recalibration usually lags candidates' assumptions by several years.

Experience is still the hard currency

Most infrastructure and security roles are trust-based professions wearing a technical costume. Production access is trust, architecture decisions are trust, and approving a privilege escalation at two in the morning is trust. Operational experience compounds heavily because it's the only thing that demonstrates judgement under friction, and friction is the part no exam can simulate.

Outages, ambiguity, poor documentation, broken dependencies, difficult stakeholders, incomplete information. A multiple choice paper can't reproduce that environment, no matter how carefully written the scenarios are. That's why senior engineers often dismiss certification-heavy candidates who haven't operated systems at scale; it isn't arrogance so much as pattern recognition. They've seen the same shape too many times. Strong on definitions, weak on troubleshooting. Cloud knowledge with no networking depth. Security candidates who've never administered a server. The industry filters for that eventually.

The anti-cert position is also wrong

A different sort of career damage happens in the opposite direction. Experienced engineers tell beginners that certifications are worthless, which is usually survivorship bias. Once someone has ten years of infrastructure work behind them, a cert matters less because their CV already carries stronger signals: systems operated, migrations led, outages survived, platforms designed.

Beginners don't have any of that yet, and a sensible certification can still do useful work for them. It creates interview access, accelerates exposure to terminology, gives some structure to what would otherwise be fragmented learning, and reduces randomness in a confusing market. The mistake isn't taking certifications; it's expecting them to carry an entire career transition on their own.

The actual lifecycle

The cleanest way to think about certifications is across three rough phases. Early career, they buy credibility you don't yet have. Mid career, they help with direction in a field too broad to navigate by feel. Senior career, they're positioning for the role you want next rather than the one you're currently in. The same cert can be high value in one of those phases and almost pointless in another.

A cert tends to be at its most useful when it confirms work that's already becoming visible operationally. Cloud certs matter more once you already support infrastructure of some sort. Security certs matter more when you already understand the systems you're trying to defend. Kubernetes certs matter more when you've actually operated a cluster under load. The market trusts alignment with what you already do far more than it trusts aspiration.

The cert-stacking trap

The dangerous version of certification chasing isn't the certs themselves. It's building an identity around collecting them. You can spot the pattern at three years in. Six badges on LinkedIn, zero production systems they can talk about for more than ninety seconds, and a CV that reads like a roadmap rather than a career. Eventually the market asks what you've operated rather than what you've studied, and that's where the stack collapses in a single technical interview.

That plateau is the part most career sites quietly avoid talking about, because it doesn't sell course bundles.

So are certifications still worth chasing?

Yes, but with some caveats. Not blindly, not endlessly, and not as a replacement for operational depth. The strongest careers in this space usually combine practical ownership of real systems, operational scar tissue, an honest understanding of how the pieces fit together, the ability to explain that to non-technical people, and a small number of targeted certifications layered on top. The certs open doors. The rest is what keeps them open.

Where this connects on POST

If you're trying to work out a sensible cert order for where you actually are, the certifications library ranks them by realistic usefulness rather than vendor marketing. If you're earlier on and the cert question is really a positioning question in disguise, the helpdesk piece is the more relevant read. And for the specific case for and against one of the biggest names in the field, the CISSP piece applies all of this to a single decision.

Authored by

The POST editor. Twenty years in the work. Helpdesk, sysadmin, network, cloud, security engineering, security architecture. POST exists because the advice given to people entering this industry is, on average, dishonest.

Last reviewed 27 May 2026. Career advice without a date is worth what you paid for it.

POST Atlas is independent practitioner commentary. Certification and product names belong to their respective owners. Views are based on observed hiring patterns, public job-market signals and practitioner experience, not vendor endorsement.

Where this fits

This essay describes one pattern. The question is whether it applies to your route.

Pathways that touch this
Certifications in scope
Perspectives that bear on this

The serious next step

This essay named one failure mode. The verdict tells you whether it's yours.

A Career Verdict is the practitioner-authored call applied to your specific situation. Same six primitives, every time.

Plateau zone
The flat year nobody warns you about, named and timed.
Reality vs Fantasy
Your actual five-year curve against the one you've been sold.
What to sit and what to skip
Each cert on your list: useful, optional, or skip, with reasons.
The call
A single written judgment on whether your plan holds up.
Tradeoff spectrum
What you're giving up for what you're choosing, plotted.
Decisive factors
The two or three things that will actually make or break this.
See what a Career Verdict looks like£25 · one verdict, yours to keep

Built on POST's practitioner-authored assessment framework, calibrated by James from twenty years across helpdesk, infrastructure and security. Framework is human-authored; the verdict applies it to your inputs.

All perspectives