Re: Certifications: Not worth the paper they are printed on?

[Matt - MRS Security <matt () mrssecurity com>]

Jay D. Dyson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sun, 5 Oct 2008, Jon Kibler wrote:
>
> > Yesterday I was reading a blog where someone with no security 
> > experience whatsoever was grousing that they flunked the Security+ 
> > exam. The blogger also claimed to have over 100 certifications. In my 
> > opinion, that many certifications undoubtedly qualifies this blogger 
> > to be the Poster Boy for everything that is wrong with the 
> > certification process.
>
> First off, let's see the URL.
>
> Secondly, let's see this list of certifications this blogger claims 
> s/he possesses.  Suffice it to say some fact-checking is in order 
> before flying off the handle about the certification process being 
> "broken."
>
> To be perfectly blunt, just because someone *claims* they have "over 
> 100 certifications" doesn't mean they actually do.  Based on that 
> simple reality, I have to dismiss outright your claim that there's 
> anything broken about today's certifications at all.
>
> Let's get serious: anyone can claim they've got 100 certifications or 
> are members of MENSA, MEGA or Dorks of America, but that doesn't prove 
> that they are.  What's more, that they're grousing about their own 
> personal failures is a reflection on no-one's shortcomings save their 
> own.
>
> Are there clueless people who have certificates?  No matter what 
> vetting process exists, there's always going to be book-smart and 
> reality-stupid people.  But to claim the certification process is 
> broken based on the bellyaching of one person isn't just wrongheaded, 
> it's ridiculous.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (TreacherOS)
> Comment: See http://www.treachery.net/~jdyson/ for current keys.
>
> iD8DBQFI6VT5Iu2Fkdy0GOwRAuMvAJ4rZYnlCaouqCWC6VBOZSOzcK9SKQCg3BZA
> pCxGLM3Q7CF2nTKZDh9/OLc=
> =ydhl
> -----END PGP SIGNATURE-----
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
Some of us are just c4ap at exams or cannot grasp the concept of the 
subject.

I personally hate written exams, and really struggle with them - i 
prefer practical exams as i can easily apply my methodology of thinking 
and revising to it - i.e. i do something once, and i can remember it.

Exams are primarily there to show that you understand the subject and 
can recall specific areas and apply that knowledge. Nowadays with the 
concept of the internet anyone can just google an answer.

To be honest IMHO this list should have a specific FAQ with a list of 
exams etc that we can point people towards - this would cut down on the 
continous requests for "what exam should i do" and stop needless threads 
on the subjects..

~ M

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------