Err, I wagered 90 days for Win2k3 in the "Secure by Default" column (dunno who said "60", though he was a lot closer) - check the talkbacks, eh? ;)

Having an MCSE was a requirement at the time, and I have been saddled with it ever since. However, instead of simply sitting back and laughing as many are wont to do, I prefer to see if it can be made into a competency-based cert, something that will be worth more than half a typical *ix admin's wages (seriously - the average MCSE salary is half that of the average *ix admin's salary.)

But then, this whole cert thing has been cycling for a long time now, in an endless "hot cert, not cert" curve. Anyone know of too many positions outside of Utah requiring a CNA/CNE these days? (and for the newbies among us, CNA in this instance has nothing to do with nursing ;) )

I mean, it's just nature in action - first (among the biggies) was the Novell certs, then the MCP/MCSE, CCNA/CCIE, Oracle, etc etc. Nowadays the Security certs are emerging. Tomorrow it will prolly be the web world's CIW as the 'hot cert' for all we know.

If you want to break this cycle, then it is time to quit relying on the old question battery format and begin actually testing the candidates' hands-on knowledge instead.

My suggestion? Make 'em write scripts that actively defend the network, make 'em harden the network in a way that will hold up to a concerted attack, make 'em put in and analyze detection and forensics equipment that will last for more than five minutes under the axe of a clumsy script kiddie.

What I do know is, the most successful folks out there aren't the ones chasing the latest greatest certifications... they're the ones actually taking the time to know WTF they're doing.

/P




[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/166/20401#20401