RE: Value of certifications

["Simmons, James" <jsimmons () eds com>]

Yes, I agree about determining the pecking order, but what is a better
way of proving that you know something? Actually going out there and
demonstrating that you know it. Or taking some cheaply made test, that
no one knows how it was formed, as your validation?
I am not saying that certifications do not serve a purpose, but I have
found very few that are actually good enough to live up to that purpose.
My example differs between vendor certs (CCNA, MCSE, etc.) and general
knowledge certs (CISSP, security+, etc.)  The vendor certs are by far
superior (though expensive for no reason) because who would know the
subject matter better then vendor.  The general knowledge certs are a
joke. What designates these people as experts? Both in the field that
the cert is focusing on, and in creating a meaningful cert?
In my rant off my link I make reference to the ASE certs for Automotive
technicians. ASE was formed by the major automakers of the day to
maintain a acceptable skill level. They employed psychologists,
professors, and other education experts to research and ensure that
their testing methods give an accurate portrayal of the skill level of
the individual. Do you honestly think that any of these companies have
put that much time and effort into their tests? These are start-up
companies that believe they can make some money off of trying to
sudo-train individuals to do a complicated job. And companies are
trusting these "certified" professionals to protect them and conduct
business critical work on their systems.
And I am not saying that this is the case for everyone. Some very
intelligent, and capable individuals are getting the certs because that
is what will attract customers. They are not getting the certs to learn
anything new. They are getting them to prove that they know. And at that
point I question why these certs have to cost so much?
While every other question I see in this forum about certs is "I want to
learn about security, what is the cert I should go after?".
It is just a messed up system that really needs an overhaul.

Regards,

Simmons

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of TJ Stamm
Sent: Thursday, April 26, 2007 6:33 AM
To: Simmons, James
Cc: security-basics () securityfocus com
Subject: Re: Value of certifications

/"But I find them only to be good if you want a basic level system admin
job"

/Lets take someone who has many certs against someone with NO certs.
They both have been working in the field for 8 years. They both have
about the same personality, and are requesting the same compensation for
the position. Who do you hire? The guy who has just been working for 8
years. Or the guy who has been working for the same amount of time, but
also took steps to further himself and his knowledge. People always
assume that if someone has certifications they have no experience or
vice versa. Think about the people who have the experience and have also
keep working to further there knowledge.

--
TJ Stamm | Essex Internet Services
MCP, MCDST, MCTS, Server+, Security+
(815) 380-3773
tjs () essex1 com



Simmons, James wrote:
>  I will have to disagree about the validity of certs. It is true that
> certs will get you the interview. But I find them only to be good if
you
> want a basic level system admin job. Everyone is putting too much
> emphasis about certifications these days. Granted it is a way to
> determine that at some point an individual was able to remember (or at
> least guess) the right answers for a group of questions at some point
in
> time, but that doesn't necessarily prove that someone is competent. 
>
> http://san2600.org/index.php?name=Blogs&mode=display&id=10
>
> I will have to refer you to my long rant about the subject, but
> ultimately my recommendation, work on a few projects in your spare
time.
> Write some white papers, do some research and present your results a
> webpage.  Actually do something that would impress employers. You can
> either try to prove that you know something, or you can do something
> that proves you know it.
> And if you are worried that you might get passed over from HR because
> you do not have a cert.  Do you really want to work at a place that
uses
> an algorithm that pre-screens for minimal requirements? Sounds like a
> place that is just looking for bodies to me. 
>
> Simmons
>
>