Security Basics mailing list archives
Re: RE: Value of certifications
From: nomail () hotmail com
Date: 30 Apr 2007 16:47:32 -0000
There are some good points in this thread. I think the current schema of IT related certifications is broken. The certs that exist are largely irrelevant or overly broad or narrow in focus. They are also ridiculously expensive. I took the CISSP last year and went into the test sweating bullets. After the test, I realized how painfully easy it was, and was thankful that my employer had paid for it rather than myself, because the test was not worth $500. If a vendor wants to limit the number of people that take and pass a test, then they should do so by making the test challenging, not expensive. SANS is also guilty of this, as James has illustrated. I am confident that I have the knowledge to pass several of their tests, but I am not going to try unless my employer pays, as they are also expensive. Especially if one wants to take a test without attending one of their classes. It is clear that SANS is out to make money, and while they should make some coin on their certificatio n and training program, their current cost model is prohibitively expensive for all but the independently wealthy and those with generous employers. Add in some of the other cert programs, like EC Council and some vendors, and you get cheaper certifications, but the tests for these certs are often poorly written and not very challenging, either. And vendor tests often test for the "vendor answer," which in most cases is not necessarily the right answer. As the saying goes, "there is the right answer, the wrong answer, and the Microsoft answer..." Furthermore, the recertification process for many certifications is a circus. While I understand the need to maintain a current level of knowledge to keep current in the industry, trying to use that as a measuring stick for maintaining a certification is counterproductive (as in the CISSP). Especially when a person is presented with few actual formal training opportunities. Retesting is also ineffective, because it requires the tests to be revised at the pace of the technology they are based on, and in most cases a current certification holder will crash the week before the test (or get a braindump) and pass. At that point, are they being tested on their knowledge of the industry, or on their ability to quickly memorize some key facts? But if we take away the certifications, then there is no real way for an employer to gauge a prospective employee's knowledge and experience level. While placing all of one's stock in a candidate's ability to pass a test is admittedly flawed, it is also admittedly hard to compare a candidate with a lot of initials after their name with one who hasn't one cert. With the increase in emphasis in certs, the problem is going to only get worse, not better. Everyone in our industry needs to realize that certs are not the end-all, be-all that their purporters claim, and more importantly, we need to act on this knowledge just as we do other snake oil salesmen and knock the importance of these tests down a few notches. Certifications have their place, but they need to be fairly priced, accurately represented, not used as a marketing tool, and industry-recognized. I like the ASE analogy. Too bad it won't happen here.
Current thread:
- Re: Re: RE: Value of certifications, (continued)
- Re: Re: RE: Value of certifications xyz (Apr 25)
- RE: Value of certifications Craig Wright (Apr 25)
- Re: RE: Value of certifications dave_p19 (Apr 25)
- RE: Value of certifications Craig Wright (Apr 26)
- RE: RE: Value of certifications Craig Wright (Apr 26)
- Re: Re: RE: Value of certifications purpleslog (Apr 27)
- Re: Re: RE: Value of certifications nate kelly (Apr 30)
- RE: Re: RE: Value of certifications Utz, Ralph (Apr 30)
- Re: Re: RE: Value of certifications nate kelly (Apr 30)
- Re: RE: Value of certifications Nathalie Vaiser, RFC, FMM (Apr 27)
- Re: RE: Value of certifications nat (Apr 30)
- Re: RE: Value of certifications nomail (Apr 30)
- RE: RE: Value of certifications J.M. Seitz (Apr 30)
- Re: RE: Value of certifications jlehman (Apr 30)
- Re: Re: Re: RE: Value of certifications jlehman (Apr 30)
- RE: RE: Value of certifications Devin Rambo (Apr 30)
- RE: RE: Value of certifications Buyer, David (Apr 30)
- RE: RE: Value of certifications Jason P. Rusch (Apr 30)
- RE: RE: Value of certifications Buyer, David (Apr 30)