Firewall Wizards mailing list archives

RE: Certification (was Re:Vulnerability Response)

From: Yinal Ozkan <Yinal.Ozkan () Integralis Com>
Date: Wed, 16 Jun 2004 01:03:49 -0400

Not the certification but the technical tests are very useful to determine
what people "don't" know. I strongly believe in the tests, where the test
takers answers are visible to the evaluators. Instead of a pass/fail score,
individual answers for specific questions will clearly show the technical
expertise of the test taker.

The idea is same as the technical interviews. But tests are closer to real
life since 
a- Time is limited
b- Open book
c- Options are visible
d- results are quantifiable

Implementing regular tests for the technical stuff will increase the quality
(as well as the tension). 

Again, tests are very good to find out what people don't know. (which is a
kind of knowledge level). But they do not measure the upper limits..

Certifications on the other hand show one thing clearly. The person with the
certification has some sort of dedication. Either time or money, something
was spent on that title. A certification is a proof that the holder has
eager to go further.

cheers,
- yinal ozkan



-----Original Message-----
From: Don Parker [mailto:dparker () rigelksecurity com]
Sent: Monday, June 14, 2004 12:24 PM
To: Laura Taylor; 'Gwendolynn ferch Elydyr'; 'Margles Singleton'
Cc: firewall-wizards () honor icsalabs com
Subject: RE: Certification (was Re:[fw-wiz] Vulnerability Response)


The problem with certification is that many times that is the only thing
that HR pesonnel 
have to go by. So and so cert must mean that a person knows what they are
talking about. 
While this is sometimes true it is not a hard and fast rule. Laura is also
quite correct 
in that people skills are also very much important. Too often people with
computer skills 
are a little too arrogant for their own good. Not a good plan is making
management 
feeling like dummies. In an ideal world there would only be technical
interviews and no 
need of certs, however that is not the case.

Cheers,

Don

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.233.HACK
fax:613.233.1788
toll: 1-877-777-H8CK
--------------------------------------------

On Jun 12, "Laura Taylor" <ltaylor () relevanttechnologies com> wrote:

Certification is only a qualifier of technical skills. From my experience,
there is always an obvious solution for the technical problems. The people
problems are much more difficult to solve, and only years of experience
polishes up a person's people skills. Typically what separates junior level
folks from senior level, or executive level, folks is more often not their
technical skills, but their people skills -- at least in my opinion.

Laura Taylor
Relevant Technologies, Inc.
www.relevanttechnologies.com


-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of
Gwendolynn ferch Elydyr
Sent: Friday, June 04, 2004 4:24 PM
To: Margles Singleton
Cc: firewall-wizards () honor icsalabs com
Subject: Certification (was Re:[fw-wiz] Vulnerability Response)


On Thu, 3 Jun 2004, Margles Singleton wrote:

Something I noticed, however:  the SANS conferences draw a large crowd -

but

a very small percentage of those attending ever certify.  I think this
demonstrates that old saw:  "You can lead a horse to water, but you can't
make him think...."


I disagree.  There's a difference between learning and certification. It's
disingenious [although lucrative] to confused the two.

Looking at the costs involved in certification, before addressing the
question of the value of certification:

        Trolling through the SANS web pages, it looks like the course
        fees vary from ~$600 per tutorial, up to ~$900, if you register
        late.

        The GIAC certification is a mere $250 -per certification- with
        the SANS training - $450 -per cert-  without SANS training [all in
        USD, of course].  Recertification [which is required every two
years]
        is $120 [but will cover all the exams that you take].

        The CISSP exam appears to be $450 USD - review courses all appear
        to be in the $2000+ USD range [~$2500 USD on average].

This is before you factor in travel, lodgings, and meals.

If you can persuade your company that training you is valuable, and not
likely to lead to your immediate departure for greener fields, that's
definitely a bonus.

Otherwise, you're looking at significant out-of-pocket costs unless you
elect to challenge the exams [and even then you're looking at $450+ per
exam] - not to mention time away from work, and travel costs if you
don't live in a major metropolitan area.

Moving on to the merits of certification, there's also the question of
whether a certification actually says anything at all about your retained
knowledge and ability, rather than your ability to cram and regurgitate
enough information to pass an exam.

I rather suspect that most of us succeeded in passing exams in high
school and college/university that we'd be hard pressed to fathom today.

That said, those letters are a quick way to get through the HR filters.

cheers!
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
<a href='http://honor.icsalabs.com/mailman/listinfo/firewall-
wizards'>http://honor.icsalabs.com/mailman/listinfo/firewall-wizards</a>

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
<a href='http://honor.icsalabs.com/mailman/listinfo/firewall-
wizards'>http://honor.icsalabs.com/mailman/listinfo/firewall-wizards</a>

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


Please note that:
 
1. This e-mail may constitute privileged information. If you are not the intended recipient, you have received this 
confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate or in 
any other way use or rely on this information.
2. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business 
practices.
3. The contents of this email are those of the individual and do not necessarily represent the views of the company.
4. The company does not conclude contracts by email and all negotiations are subject to contract.
5. The company accepts no responsibility once an e-mail and any attachments is sent.

http://www.integralis.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

RE: Certification (was Re:Vulnerability Response) Don Parker (Jun 14)
- <Possible follow-ups>
- RE: Certification (was Re:Vulnerability Response) Crissup, John (MBNP is) (Jun 16)
- RE: Certification (was Re:Vulnerability Response) Yinal Ozkan (Jun 16)
  - Re: Certification (was Re:Vulnerability Response) Devdas Bhagat (Jun 17)
- RE: Certification (was Re:Vulnerability Response) DRISCOLL, ROBERT (Jun 18)