With all the talk about security certifications and working in IT security being hot right now and in the future, I was wondering if it would make more sense to try and get the Security + certification before trying to get another IT certification such as the MCSA (Microsoft Certified Systems Administrator)? I’ve heard that most certifications (other than security) don’t mean that much anymore to employers, and that skills now beat having certifications. Also, I noticed for many other security certifications such as the CISSP, the requirements to take the test are very strict, in that you need to have 5 years of experience working in security. How does one get that experience if they’ve never specifically worked in security? What if someone was more of an IT Generalist, or IT jack-of-all-trades where they worked? I think I want to head in the security direction, but how do I do it? For the past couple of years, I’ve worked for a small firm where I am the only one that does all the IT stuff, and security was really never an everyday issue. My job title probably ties more closely to an IT Administrator or Systems Administrator. I appreciate any help and feedback. Thanks very much.