Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Certifications: Not worth the paper they are printed on?

From: John Mason Jr <john.mason.jr () cox net>
Date: Mon, 06 Oct 2008 12:37:39 -0400
Jon Kibler wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jay D. Dyson wrote:

On Sun, 5 Oct 2008, Jon Kibler wrote:


Yesterday I was reading a blog where someone with no security
experience whatsoever was grousing that they flunked the Security+
exam. The blogger also claimed to have over 100 certifications. In my
opinion, that many certifications undoubtedly qualifies this blogger
to be the Poster Boy for everything that is wrong with the
certification process.

First off, let's see the URL.


http://certcities.com/editorial/columns/story.asp?EditorialsID=176


Secondly, let's see this list of certifications this blogger claims s/he
possesses.  Suffice it to say some fact-checking is in order before
flying off the handle about the certification process being "broken."


<SNIP!>

It was not on the basis of this individual's claims -- true or false may
they be -- that I based this commentary. It is based on personal
experience dealing with a seemingly endless stream of 'certified'
individuals that have zero real world ability. In fact, for the
non-hands-on certifications, in my personal experience, I would say that
more individuals having these 'book certifications' are incapable of
doing 'real work' that those that are good technical workers.

Too many people have simply decided that "if I get certified, then that
means I am qualified to do the work." Absolutely, completely, and
totally wrong in both my opinion and my experience.

The process today is completely backwards. For certifications to be
meaningful, you must first get the experience, then get the
certification that validates your experience. Not the other way around!
Companies need to invest in setting up programs that provide training and mentorship to the new folks otherwise the experience is of lessor value, and the new folks end up being the errand boys for the more experienced without opportunities to learn.
If you want good people you need to expend the effort to find them and train them, don't make it HR's responsibility to hire good people . 


John


------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in Securing Web Applications 
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: