Re: INFOSEC: Certifiably Certified

[InfoSec News <isn () c4i org>]

Forwarded from: DKezer () dyncorp-dc com

Could you point me to one of these organizations that are hiring on
the basis of certification?  All of the ones I have seen use
certification in conjunction with documented experience, education,
and usually a technical interview.  The cert is just one of the items
the recruiter screens against. 

I know of one Novell admin that got moved to Windows (reluctantly). 
He has made no effort to really learn the system, and certainly no
effort to get certified.  When his current job ends (soon) he will
fail in at least 2 of those four areas when he looks for a new
position since even Novell has moved on past him while he had his
current stint.  It generally gets noticed when you are demonstrating
some ambition and learning more than the current assignment requires.

What is scarier is hiring on the basis of a clearance. If the job
requires it the paper cert with a TS will beat out the uncleared guru
every time.  Look at Matthew Patton's message yesterday on the
headaches that can lead to (Re: [ISN] Cyber bill gets boost).

Dennis Kezer

> On Wednesday 23 October 2002 11:44 pm, InfoSec News wrote:
> > eyes of a third party is foolish. Haphazardly hiring security
> > personnel on the basis of a certification for which there is not
> > even a standard (such as ISO 17799) is a reckless endangerment of
> > the hiring organization's resources. Furthermore, given the
> > interconnected nature of the Internet, in some cases, this has the
> > real possibility of adversely affecting security across the Internet
> > in general.
>
> Heh. Something I've been saying for years.
>
> Strange, how some of these people can become rather pompous in their
> insistence that nobody uncertified could possibly be competent.

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.