OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Certifications: Not worth the paper they are printed on?

From: John Mason Jr (john.mason.jrcox.net)
Date: Mon Oct 06 2008 - 11:37:39 CDT

Jon Kibler wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jay D. Dyson wrote:
>
>> On Sun, 5 Oct 2008, Jon Kibler wrote:
>>
>>
>>> Yesterday I was reading a blog where someone with no security
>>> experience whatsoever was grousing that they flunked the Security+
>>> exam. The blogger also claimed to have over 100 certifications. In my
>>> opinion, that many certifications undoubtedly qualifies this blogger
>>> to be the Poster Boy for everything that is wrong with the
>>> certification process.
>>>
>> First off, let's see the URL.
>>
>
> http://certcities.com/editorial/columns/story.asp?EditorialsID=176
>
>
>> Secondly, let's see this list of certifications this blogger claims s/he
>> possesses. Suffice it to say some fact-checking is in order before
>> flying off the handle about the certification process being "broken."
>>
>
> <SNIP!>
>
> It was not on the basis of this individual's claims -- true or false may
> they be -- that I based this commentary. It is based on personal
> experience dealing with a seemingly endless stream of 'certified'
> individuals that have zero real world ability. In fact, for the
> non-hands-on certifications, in my personal experience, I would say that
> more individuals having these 'book certifications' are incapable of
> doing 'real work' that those that are good technical workers.
>
> Too many people have simply decided that "if I get certified, then that
> means I am qualified to do the work." Absolutely, completely, and
> totally wrong in both my opinion and my experience.
>
> The process today is completely backwards. For certifications to be
> meaningful, you must first get the experience, then get the
> certification that validates your experience. Not the other way around!
>
>
Companies need to invest in setting up programs that provide training
and mentorship to the new folks otherwise the experience is of lessor
value, and the new folks end up being the errand boys for the more
experienced without opportunities to learn.

If you want good people you need to expend the effort to find them and
train them, don't make it HR's responsibility to hire good people .

John

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------