Firewall Wizards mailing list archives

Re: Network Security Certification


From: "Joseph S. D. Yao" <jsdy () cospo osis gov>
Date: Fri, 1 May 1998 16:56:55 -0400 (EDT)

given that a computer science degree does not mean that you can program
only that you have some basic knowledge and an ability to learn.

Grumble, grumble, grumble.

A computer science degree SHOULD say that you know something about
computer sciences - the mathematical support structure of our field of
knowledge.  As with many physicists who don't know how to build a sand
castle, not to mention mathematicians who can't reliably do arithmetic
and balance checkbooks, I know some excellent computer scientists who
really don't do any programming.

Anybody can program.  Many "computer science" degrees are, in fact,
just degrees in programming - which mean that the person who has them
can write programs.  But cannot design, debug, re-use, plan, lead a
team, or do any of the things that a proper software engineer - yet a
different category! - should be able to do.

Ob. on-topic: just as the field is not yet sufficiently mature that
these different categories are correctly distinguished, so possibly the
field of computer security is not sufficiently mature that the title of
"expert" can be sufficiently tested for.  I am told I'm a computer
security "expert" - "Because you know more than most of the people
here."  And yet before many of you I'm as a rank amateur.

And it may turn out that there IS no one certification or test that can
show a person's professionalism.  In the classical model of a software
development team, there are many different roles to play; and one of
the marks of a good team leader is that he or she will be able to use
people's strengths in those different roles.  In system administration,
SAGE has just had a long argument about whether to be for or against
CNE-type certification of system administrators; and the view that had
the most support was to have exams in various sub-topics that would
show a person's relative strengths and weaknesses, perhaps at first
primarily so that a person could do a self-evaluation on how much more
they should study a topic before they feel that they understand it.
[These sub-topics were called "merit badges".  ;-)] And in computer
security, perhaps something similar would be useful.

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO Computer Support                                          EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.


