Announcing LAMN: Legion Against Meaningless certificatioNs

[gem at cigital.com (Gary McGraw)]

Hi sc-l,

I tend to agree with Prasad, though in a fit of fractal possibility, I also agree with Jeremy.  Turns out I wrote 
something about this very issue in May 2007 for darkreading:

Certifiable  http://www.darkreading.com/document.asp?doc_id=123606

gem
(supposedly on vacation in SC)

http://www.cigital.com/~gem




On 3/22/09 4:35 PM, "Prasad Shenoy" <prasad.shenoy at gmail.com> wrote:

Great idea but why would you say CISSP is meaningless or MCSE is meaningless? Certifications are like technology. They 
have a place where they fit. CISSP became so popular and prolific because of the vast field of coverage (10 domains) 
that a certified practitioner had to study, understand, relate to and practice if given a situation.

I am strongly against any certification that touts that you would be able to change the world for good. As silly as it 
might sound, there are quite a handful of these. On the other hand, companies like CISCO and Microsoft offer 
certification that allow "professional" to get certified and demonstrate their ability to understand and take over the 
responsibility of the said position that the certificate applies to.

Now, if you make a case against certifications just because it has become so easy to cram overnight and get certified 
in the morning, then that's not justice. There are 2 extremes to the spectrum and you see only 1. It's like giving the 
entire security industry (professionals with certifications mostly) becuase of a few (thousand) individuals who don't 
prove to be laible candidates to have obtained that certification. You can compare it to how the world panned out the 
meaning of the holy word "Hacker" to what it is today.

Prasad

On Wed, Mar 18, 2009 at 5:29 PM, Jeremy Epstein <jeremy.j.epstein at gmail.com> wrote:
Colleagues,

I'm pleased to announce the creation of LAMN, the Legion Against Meaningless certificatioNs.  If you don't have a 
CISSP, CISM, MCSE, or EIEIO - and you're proud of it - this group is for you.

You can join LAMN on LinkedIn by searching in the "groups" area.  Unlike so many other certifications, LAMN doesn't 
charge fees, require outrageously overpriced exams, or demand check-the-box continuing education.

Hope to see many people joining this group - and feel free to pass this along!
--Jeremy

P.S. After you join the group, you can proudly write your name <John Doe>, LAMN - which conveniently also stands for 
Letters After My Name.  I can't recall who suggested the term to me, but would be happy to give credit if someone wants 
to step forward and claim credit.
_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________