funsec mailing list archives
Re: "Skills gap"?
From: John Bambenek <bambenek.infosec () gmail com>
Date: Thu, 29 Nov 2012 09:39:03 -0600
Oh, some people try to write a good test and we can have a nice discussion about psychometrics and the lot, but at the end, we haven't even figured out K-12 testing. It's a hard problem with no solution.
In our field, we need to be able to DO things, not be able to recite knowledge. And testing the ability to DO things in an objective way can be kinda hard.
So, until then, resume your regularly scheduled hoop jumping and ransom-pay for your CISSP certs ;)
On 11/29/12 7:31 AM, Rich Kulawiec wrote:
On Sat, Nov 24, 2012 at 09:24:29PM -0600, John Bambenek wrote:That said, I've been helping write/audit SANS certifications for awhile. I'm simply ineligible to take them (for what should be obvious reasons). I got real tired of submitting resumes and being told I need a GSEC/GCIH/et al. I'd respond with I wrote part of the question bank and some HR bean counter just didn't get it and insisted I needed the paper. I ended up taking the CISSP cold one weekend just to have something and even then I got tired of paying the annual ransom for letters that meant nothing.Certifications are, in theory, a good idea. Certifications are, in practice, crap. Which isn't surprising really, if one takes Deep Throat's advice and follows the money. It rapidly becomes obvious that certification programs are designed to maximize revenue, not to promote and/or measure expertise. (Even those that start out with the latter goal and the best of intentions inevitably gravitate to the former.) This is a problem particularly in the security arena because, as you astutely point out, HR bean counters look for them and resumes without are routinely roundfiled -- never mind that the senders of those resumes could *easily* be the most qualified applicants by a wide margin. They have become a shortcut for the technically illiterate and the impatient, and unfortunately they're a shortcut that doesn't work. I don't have any (viable) idea how to fix this. ---rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- "Skills gap"? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 24)
- Re: "Skills gap"? Paul Ferguson (Nov 24)
- Message not available
- Message not available
- Fwd: "Skills gap"? Paul Ferguson (Nov 24)
- Message not available
- Re: Fwd: "Skills gap"? Paul Ferguson (Nov 24)
- Message not available
- Re: "Skills gap"? Paul Ferguson (Nov 24)
- Re: "Skills gap"? Kyle Creyts (Nov 24)
- Re: "Skills gap"? rackow (Nov 24)
- Re: "Skills gap"? John Bambenek (Nov 24)
- Re: "Skills gap"? Rich Kulawiec (Nov 29)
- Re: "Skills gap"? John Bambenek (Nov 29)
- Re: "Skills gap"? Blanchard, Michael (InfoSec) (Nov 29)
- Re: "Skills gap"? John Bambenek (Nov 29)