Firewall Wizards mailing list archives

RE: Certification (was Re:Vulnerability Response)

From: "Don Parker" <dparker () rigelksecurity com>
Date: Mon, 14 Jun 2004 12:24:11 -0400 (EDT)

The problem with certification is that many times that is the only thing that HR pesonnel 
have to go by. So and so cert must mean that a person knows what they are talking about. 
While this is sometimes true it is not a hard and fast rule. Laura is also quite correct 
in that people skills are also very much important. Too often people with computer skills 
are a little too arrogant for their own good. Not a good plan is making management 
feeling like dummies. In an ideal world there would only be technical interviews and no 
need of certs, however that is not the case.

Cheers,

Don

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.233.HACK
fax:613.233.1788
toll: 1-877-777-H8CK
--------------------------------------------

On Jun 12, "Laura Taylor" <ltaylor () relevanttechnologies com> wrote:

Certification is only a qualifier of technical skills. From my experience,
there is always an obvious solution for the technical problems. The people
problems are much more difficult to solve, and only years of experience
polishes up a person's people skills. Typically what separates junior level
folks from senior level, or executive level, folks is more often not their
technical skills, but their people skills -- at least in my opinion.

Laura Taylor
Relevant Technologies, Inc.
www.relevanttechnologies.com


-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of
Gwendolynn ferch Elydyr
Sent: Friday, June 04, 2004 4:24 PM
To: Margles Singleton
Cc: firewall-wizards () honor icsalabs com
Subject: Certification (was Re:[fw-wiz] Vulnerability Response)


On Thu, 3 Jun 2004, Margles Singleton wrote:

Something I noticed, however:  the SANS conferences draw a large crowd -

but

a very small percentage of those attending ever certify.  I think this
demonstrates that old saw:  "You can lead a horse to water, but you can't
make him think...."


I disagree.  There's a difference between learning and certification. It's
disingenious [although lucrative] to confused the two.

Looking at the costs involved in certification, before addressing the
question of the value of certification:

        Trolling through the SANS web pages, it looks like the course
        fees vary from ~$600 per tutorial, up to ~$900, if you register
        late.

        The GIAC certification is a mere $250 -per certification- with
        the SANS training - $450 -per cert-  without SANS training [all in
        USD, of course].  Recertification [which is required every two years]
        is $120 [but will cover all the exams that you take].

        The CISSP exam appears to be $450 USD - review courses all appear
        to be in the $2000+ USD range [~$2500 USD on average].

This is before you factor in travel, lodgings, and meals.

If you can persuade your company that training you is valuable, and not
likely to lead to your immediate departure for greener fields, that's
definitely a bonus.

Otherwise, you're looking at significant out-of-pocket costs unless you
elect to challenge the exams [and even then you're looking at $450+ per
exam] - not to mention time away from work, and travel costs if you
don't live in a major metropolitan area.

Moving on to the merits of certification, there's also the question of
whether a certification actually says anything at all about your retained
knowledge and ability, rather than your ability to cram and regurgitate
enough information to pass an exam.

I rather suspect that most of us succeeded in passing exams in high
school and college/university that we'd be hard pressed to fathom today.

That said, those letters are a quick way to get through the HR filters.

cheers!
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
<a href='http://honor.icsalabs.com/mailman/listinfo/firewall-
wizards'>http://honor.icsalabs.com/mailman/listinfo/firewall-wizards</a>

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
<a href='http://honor.icsalabs.com/mailman/listinfo/firewall-
wizards'>http://honor.icsalabs.com/mailman/listinfo/firewall-wizards</a>

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

RE: Certification (was Re:Vulnerability Response) Don Parker (Jun 14)
- <Possible follow-ups>
- RE: Certification (was Re:Vulnerability Response) Crissup, John (MBNP is) (Jun 16)
- RE: Certification (was Re:Vulnerability Response) Yinal Ozkan (Jun 16)
  - Re: Certification (was Re:Vulnerability Response) Devdas Bhagat (Jun 17)
- RE: Certification (was Re:Vulnerability Response) DRISCOLL, ROBERT (Jun 18)