I think this has been a problem in the IT industry for several years now. If it is essential for a system administrator to analyze/solve problems on the fly, how do you test for this ability?

One approach is, of course, the "large body of general knowledge" factor, figuring that if you know a lot of little things it will make solving the bigger thing easier.

Counter: "But why would I want to waste time learning all these little things when they are only one Google search away?"

Well... maybe knowing Fact A and Fact B together will lead you to Fact C and Fact C solves your problem. This approach comes down to how good you are at collating your general knowledge into useful problem solving. The larger your body of general knowledge, the less time it takes for you to figure things out (generally speaking--no pun intended).

So herein lies the problem: The assumption that general knowledge is equal to problem solving.

Everyone knows at least one “buzz word” person. You know what I am talking about. Those smooth talking “techies” who go on and on about how XML stands for eXtensible Markup Language? Or never fail to offer meaningless suggestions (“did you check the TTL of the IP packets?”) while you are trying to fix a problem (why the RAID array isn’t mirroring your data)? They have a tremendous store of useless trivia and buzzwords. They got hired because they have IT Certifications. But in reality, they’ve only spent a marginal amount of time administrating a network. Or even using a computer! But they can quote test questions and answers like it was their job. These people are the end result of the “large body of general knowledge” certifications.

Counter: “It’s all well and good to bash the current testing standards, but what else is there?”

Another approach? How about hands-on lab tests like in the RHCE exam? I don’t know one person who has this certification and is not fully capable of administering a large RedHat network. If you see RHCE on a resume, you know that the individual is competent—there is no need to pose that stupid question during the interview (“So, how would you setup the login scripts?”).

Why would CISSP hide their test results anyway? To control the number of people who are certified, thus making the certification worth more. Hide the results, pass enough people to make it look like a difficult test, and then raise the price because the certification must be worth the money--look at all the people who failed.

I have never taken the CISSP, but I have had managers ask me when I plan on taking it. All I have to say to them is, "When it gets me a ten percent raise"--that shuts them up fast enough.




[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/67/11014#11014