Security Basics mailing list archives
RE: Value of certifications
From: "Simmons, James" <jsimmons () eds com>
Date: Thu, 26 Apr 2007 15:36:09 -0500
Yes, I agree about determining the pecking order, but what is a better way of proving that you know something? Actually going out there and demonstrating that you know it. Or taking some cheaply made test, that no one knows how it was formed, as your validation? I am not saying that certifications do not serve a purpose, but I have found very few that are actually good enough to live up to that purpose. My example differs between vendor certs (CCNA, MCSE, etc.) and general knowledge certs (CISSP, security+, etc.) The vendor certs are by far superior (though expensive for no reason) because who would know the subject matter better then vendor. The general knowledge certs are a joke. What designates these people as experts? Both in the field that the cert is focusing on, and in creating a meaningful cert? In my rant off my link I make reference to the ASE certs for Automotive technicians. ASE was formed by the major automakers of the day to maintain a acceptable skill level. They employed psychologists, professors, and other education experts to research and ensure that their testing methods give an accurate portrayal of the skill level of the individual. Do you honestly think that any of these companies have put that much time and effort into their tests? These are start-up companies that believe they can make some money off of trying to sudo-train individuals to do a complicated job. And companies are trusting these "certified" professionals to protect them and conduct business critical work on their systems. And I am not saying that this is the case for everyone. Some very intelligent, and capable individuals are getting the certs because that is what will attract customers. They are not getting the certs to learn anything new. They are getting them to prove that they know. And at that point I question why these certs have to cost so much? While every other question I see in this forum about certs is "I want to learn about security, what is the cert I should go after?". It is just a messed up system that really needs an overhaul. Regards, Simmons -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of TJ Stamm Sent: Thursday, April 26, 2007 6:33 AM To: Simmons, James Cc: security-basics () securityfocus com Subject: Re: Value of certifications /"But I find them only to be good if you want a basic level system admin job" /Lets take someone who has many certs against someone with NO certs. They both have been working in the field for 8 years. They both have about the same personality, and are requesting the same compensation for the position. Who do you hire? The guy who has just been working for 8 years. Or the guy who has been working for the same amount of time, but also took steps to further himself and his knowledge. People always assume that if someone has certifications they have no experience or vice versa. Think about the people who have the experience and have also keep working to further there knowledge. -- TJ Stamm | Essex Internet Services MCP, MCDST, MCTS, Server+, Security+ (815) 380-3773 tjs () essex1 com Simmons, James wrote:
I will have to disagree about the validity of certs. It is true that certs will get you the interview. But I find them only to be good if
you
want a basic level system admin job. Everyone is putting too much emphasis about certifications these days. Granted it is a way to determine that at some point an individual was able to remember (or at least guess) the right answers for a group of questions at some point
in
time, but that doesn't necessarily prove that someone is competent. http://san2600.org/index.php?name=Blogs&mode=display&id=10 I will have to refer you to my long rant about the subject, but ultimately my recommendation, work on a few projects in your spare
time.
Write some white papers, do some research and present your results a webpage. Actually do something that would impress employers. You can either try to prove that you know something, or you can do something that proves you know it. And if you are worried that you might get passed over from HR because you do not have a cert. Do you really want to work at a place that
uses
an algorithm that pre-screens for minimal requirements? Sounds like a place that is just looking for bodies to me. Simmons
Current thread:
- RE: Value of certifications, (continued)
- RE: Value of certifications Petter Bruland (Apr 23)
- Re: Value of certifications packet_boy (Apr 23)
- RE: Value of certifications Robert Lupo (Apr 24)
- RE: Value of certifications Chris Smith (Apr 24)
- RE: Value of certifications Robert Lupo (Apr 24)
- Re: RE: Value of certifications lordl3ane (Apr 24)
- Re: Value of certifications Doug Schlachta (Apr 24)
- RE: Value of certifications lalit.gupta (Apr 25)
- RE: Value of certifications Brian Bemis (Apr 25)
- RE: Value of certifications Simmons, James (Apr 25)
- Re: Value of certifications TJ Stamm (Apr 26)
- RE: Value of certifications Simmons, James (Apr 27)
- Re: Value of certifications Yousef Syed (Apr 27)
- RE: Value of certifications Simmons, James (Apr 27)
- Re: Value of certifications Patrick (Apr 30)
- RE: Value of certifications Craig Wright (Apr 27)
- RE: Value of certifications Simmons, James (Apr 27)
- RE: Value of certifications Craig Wright (Apr 30)
- RE: Value of certifications lalit.gupta (Apr 25)
- Re: Value of certifications Yousef Syed (Apr 27)
- RE: Value of certifications Adnan Rafik (Apr 30)
- RE: Value of certifications andrews (Apr 27)
- RE: Value of certifications Simmons, James (Apr 27)