THE WEEKLY PACKET

Networking, IT, and the week in security. Plain language. No vendor pitch.

There is a very annoying answer to whether your certification needs to stay active.

It depends.

Famous IT words, right? But this is one of the places where they are actually true.

Certifications are not magic. Passing an exam does not mean you are ready to walk into a messy production network, explain why OSPF adjacencies are flapping, fix a broken firewall rule, and calmly tell everyone the outage is not DNS.

It might be DNS. But that is not the point.

The point is that certifications are a signal. They tell someone you studied a body of knowledge, understood enough of it to pass an exam, and cared enough to finish the thing. That matters, especially early in your career.

If you do not have much real experience yet, an active cert can fill in some of that gap. It says, "I may not have done this exact thing in production yet, but I have enough foundation that you can probably coach me through it." That is useful. That can get you in the room.

But the more years you spend actively working on the technology, the less the date on the certificate matters.

If you have been running enterprise networks for ten years, designing wireless, troubleshooting routing, migrating firewalls, dealing with vendors, and getting yelled at because the internet is slow, that experience speaks pretty loudly. At that point, an expired CCNA from years ago still tells part of the story, but the bigger story is what you have actually been doing since then.

That is where people get weird about certs. They treat them like they either mean everything or nothing.

They are neither.

A certification is not proof that you are good at the job. It is proof that you can learn the material, follow through, and explain the concepts well enough to pass the exam. For someone trying to break into IT, that is not nothing. For someone already doing the job every day, it becomes one piece of a much bigger picture.

Hiring managers are usually trying to answer one question: can this person help us without creating more problems than they solve?

If your resume shows hands-on experience with the same tools, systems, and problems they need help with, that answer gets easier. If your resume is light on experience, an active certification gives them something else to trust.

→  If you are trying to get your first IT or networking job, keep the cert active if you can. You need every useful signal you can get.

→  If you have real production experience, do not panic because something expired. Be ready to explain what you have actually worked on.

→  If a job posting requires an active cert for compliance, partner status, or a government contract, then the opinion part does not matter. They need the checkbox.

→  If you are renewing only because you are scared, stop and ask whether that time would be better spent building something, documenting a lab, or getting better at the thing you already do every day.

Certs matter. Experience matters more. But when you do not have the experience yet, the cert can be the thing that gets someone to take a chance on you.

That is not a guarantee. It is a signal. In IT, sometimes that is enough to get the next conversation.

Packet Pushers does this well: curated links, enough context to know why you should care, and not a pile of recycled press releases. This is closer to that lane.

Inside the internet health numbers

Network World's Cisco ThousandEyes update reported 285 global network outage events for May 4 through May 10, with U.S. outages rising to 179. The useful part is the breakdown across ISPs, cloud networks, UCaaS, DNS, CDNs, and edge providers.

Why it matters: Your app can be healthy and still look broken because the dependency chain around it is having a bad day. This is why external monitoring and path visibility are not nice-to-haves.

When DNSSEC does exactly what it is supposed to do

Cloudflare wrote up a May 5 incident where DENIC published invalid DNSSEC signatures for Germany's .de TLD. Validating resolvers rejected the signatures and returned SERVFAIL, which made a lot of real domains look unreachable.

Why it matters: DNSSEC is integrity, not magic uptime dust. Key rollovers and signing mistakes can become availability problems fast.

BGP automation needs a blast-radius plan

Cloudflare's February BYOIP outage came from an Addressing API change that unintentionally withdrew roughly 1,100 customer prefixes through BGP. It was not an attack. It was a normal operational change with a bad failure mode.

Why it matters: Automation is not the problem. Unguarded automation is. Route changes need validation, staged rollout, circuit breakers, and a rollback path that does not depend on panic typing.

IPv6 route leaks are production problems now

Cloudflare also published a January route leak writeup where an automated routing policy change in Miami caused unintended IPv6 advertisements for about 25 minutes. The impact included congestion, packet loss, higher latency, and dropped traffic.

Why it matters: IPv6 is not the lab network anymore. If your monitoring and change review treat it like an afterthought, it will eventually remind you in production.

Wireless is carrying too much to be treated casually

Cisco's State of Wireless 2026 report says 64% of respondents expect longer resolution times, 55% are stuck in reactive mode, and 87% are dealing with hiring gaps. Vendor survey caveats apply, but the direction feels right.

Why it matters: Wireless is not just "the Wi-Fi" anymore. It carries POS, cameras, phones, scanners, guest access, IoT, and whatever someone bought without asking IT.

One security item that still belongs here

BleepingComputer reported that CISA ordered federal agencies to patch CVE-2026-20131, a max-severity Cisco Secure Firewall Management Center flaw with unauthenticated remote code execution as root.

Why it matters: Firewall management is network infrastructure. If the manager gets owned, the firewall is not the comforting boundary people think it is.

The Weekly Packet by Kevin Nanns

Network engineer. Content creator. adjacentnode.com