Wow. I understand your frustration with the requirement. What I have found
is that many employers put out a requirement but look at the whole package
before dismissing the candidate if they feel the candidate is qualified. I
have applied for, and gotten many position that had requirements I didn't
meet - bachelors degree, more experience, specific products, etc. It was a
requirement but my experience was enough to have them interview and
subsequently hire me.

The reason for the 3 years experience is to prevent the certification from
being watered down with people who can't do the work. A good example is the
CNE program, and to a slightly lesser extent, the MCSE program over the last
couple years. People were studying the material, passing the test, getting
the certifications, and then couldn't do the work. The is where the term
'Paper CNE' and 'Paper MCSE' came from. I knew someone who was an MCNE
(Master Certified Netware Engineer) and didn't understand why a cable would
work on token ring over Cat 5 but wouldn't work on Ethernet (It was a broken
wire in the cable - different wire pairs were in use). She was a great
teacher (also a CNI) but couldn't fix a problem to save her life. I watched
one employer get rid of over half the candidates that made it through the
interview by asking them to add a half dozen users to a system and assign
permissions. (Nearly half couldn't do it properly.)

There are a few ways to combat this - making the tests such that practical
experience is necessary to pass them, require a practical exam, or require
experience in the field.

The first is what Microsoft is doing with their new exams. They are making
the questions more difficult and forcing the candidates to rely on practical
experience to pass the exams (or at least that's what they want to think).
This is working to weed out some of the people hoping to just run in and
pick up the MCSE, but it's not that effective overall.

The second works well with highly technical, highly defined certifications.
Examples would be the practical exams required for CCIE (Cisco) and RHCE
(RedHat-Linux). The scope is clearly defined for the technical requirements
and practical experience is a necessity to be effective on the practical
exam. Scheduling is an issue (especially with the CCIE - which takes 2 days
to complete) as well as setting a specific level when more than one person
proctors the exam.

Finally, the one required by the CISSP has long been used in fields outside
of the IT industry. Electricians have long used this method for
advancement. Journeymen Electricians start out with grunt work and with
experience, study, and testing they more up to higher pay and rewards. The
reason this works is if you're not willing to stick to the field you'll go
to something else. Admittedly this is not always the easiest to do in the
IT field because they want experience before they'll hire you, and you can't
get experience until you get hired in the field. It's not attempting to
create an elite, it's attempting to create a certification that's a fair
judgment of a basic level of understanding in a professional that's
dedicated to the field and will stick with it. Fortunately it keeps the
people who are just trying to pad their resumes out. If you're trying to
pad your resume with certifications most people aren't going to put in 3
years for a certification just to put on their resume.

To summarize, I understand your frustration - I've been in a similar
situation, but if the certification and working in the field is important to
you then you'll appreciate the certification standing for something when you
finally earn it. It was disappointing and frustrating to watch my MCSE mean
less and less over the years because of the people watering down the
certification.

Well that's my 2 cents worth - as learned from watching students and peers
over the least 10+ years in the IT field.

Ed Spencer
MCSE/MCT/CNA/MCP/A+/Network+
Security Analyst - IS Security
Renaissance Worldwide, Inc. - Walt Disney World
 
This communication is confidential, intended only for the named recipient(s)
above and may contain trade secrets or other information that is exempt from
disclosure under applicable law. Any use, dissemination, distribution or
copying of this communication by anyone other than the named recipient(s) is
strictly prohibited. If you have received this communication in error,
please immediately notify us by calling (407) 566-5195. The ideas,
opinions, and information expressed within the above email are the express
sole opinion of the author and are not the opinion of the Walt Disney World
Corporation. Thank you.

-----Original Message-----
From: Tom Watson [mailto:tom.watson@defcom.com]
Sent: Friday, June 29, 2001 8:52 AM
To: Brigitte Grieger
Cc: Spencer, Ed M. -ND; rudy@thummy.com; cisspstudy@securityfocus.com
Subject: RE: CISSP or SSCP?

<snipped - long rant with valid questions>

Anyone agree with me at all, or am I on my own on this one?

Tom

<original question and other replies>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]