Security Basics mailing list archives
Re: Certifications: Not worth the paper they are printed on?
From: krymson () gmail com
Date: Mon, 6 Oct 2008 15:28:23 -0600
Jon, nice post. I just wanted to mention that if someone misses their Security+ yet has 100+ certs (or even 10+ certs), they need to be avoided. They obviously don't have the knowledge (yet) for security and they certainly have learned nothing about how to study and take a test. I want to join in on the soap box too. :) I find it important to remember that many of these certification shops are simply businesses trying to make a buck. Their focus is their own bottomline, not the experience and actual value from the student perspective. In other words: the more they churn in and out, the more they make. There is every incentive to make everyone in the world get the cert, rather than make the cert a more exclusive reflection of skill/knowledge. Sure, they dance the balance between being relevent and churning more money, but I think we know which one wins over time. b) I also think it is important to remember our field can be very technical. This means you really have to learn from both experience and also from experienced practioners. As you say, getting someone who has logged time in the technical trenches is important, maybe essential in most cases. c) But those people are also most likely well-paid professionals. To get them to leave a technical job and go into the "teaching/presenting circuit" might be tough to do. And it might mean premium prices for the education. d) But then once someone is in the "teaching/presenting circuit," they stale. The presentation suddenly becomes more important than the skills they are trying to pass to the student. The extreme result in my mind is the typical motivational speaker. Entertaining presentation, but the common sense message is a waste of money. e) Lastly, I also believe "security" is just too broad. No two companies do security the same, and I really believe no two companies ever will do security the same, no matter how much McAfee wants to sell entire universal crapware suites and HackerSafe stickers. This results in teaching the vague concepts rather than the technical skills. How often do we hear "experts" spout the "best practice" of implementing a PKI buildout? And how often is it actually successfully spelled out based on experience? And this is why us folks who thirst for technical knowledge, and the certs to reflect it, feel so empty from these typical trainings and tests. We can get more personal value from wasting time on IRC than on a cert. <- snip -> All, Yesterday I was reading a blog where someone with no security experience whatsoever was grousing that they flunked the Security+ exam. The blogger also claimed to have over 100 certifications. In my opinion, that many certifications undoubtedly qualifies this blogger to be the Poster Boy for everything that is wrong with the certification process. .. <- snip ->
Current thread:
- Certifications: Not worth the paper they are printed on? Jon Kibler (Oct 06)
- <Possible follow-ups>
- Re: Certifications: Not worth the paper they are printed on? krymson (Oct 07)
- Message not available
- Re: Certifications: Not worth the paper they are printed on? W. Lee Schexnaider (Oct 08)
- Message not available