Security Jobs Discussion
Certifications bubble?? Feb 01 2006 09:03PM
mr nasty ix netcom com
I just read an old article on SC Magazine, (I?m catching up.)

?Time to pop the certification bubble?, by Ron Condon Dec 3 2004 16:17. Basically he states, ?Are professional standards really slipping?? The article states that ?the industry's leading certification dismissed as being "a mile wide and an inch thick? and ?an explosion of low-value certifications, that offer little indication of a person's ability to perform anything but the most mundane tasks?.

When I was a practicing tax preparer I was in competition with CPA?s. This certification is objective to the extent it has a lot of math word problems associated with various regulations governing a specific set of transactions. Believe me when I say I saw my share of CPA?s who would better serve Hallmark Greeting Cards as a shelf stocker.

I have to agree that the certifications don?t do any more for a person than provide them with a piece of paper they can hang on the wall. And I?ve seen my share of CISSP?s, CISA?s, and CISM?s who would probably be better off with Hall Mark. Most of these people are not very technical. Neither are the CPA?s. Most CPA?s specialize in something. Most people think a CPA does everything associated with accounting from, cost to tax to valuation to investments to everything there is to know about accounting. Maybe in the first five years after graduation they get their feet wet in all these but soon afterwards they start to specialize.

The same goes for the other certifications. Most people who hold these certifications seriously begin to specialize. True most are not your DEFCON hacker able to leap over firewalls with a single bound, or run faster than traffic across a gigabit network router. No most of these people like CPA?s become administrators. Although it?s not the nuts and bolts of the command line of a CISCO router it is one if not the most important parts of any security division.

Don?t believe me; try providing your verbal explanation to the next IT auditor for validation. I?m not too technical myself. Sometimes I think I might be, I mean I can harden most windows and *nix operating systems. I know how to patch them. I know how to run various port and vulnerability scanners. I can usually set up a nessus server pretty quick depending on my access. I?ve written Disaster Recovery Plans, and provided forensics information for ftp hacks from Europe. But I seriously don?t consider myself ?TECHNICAL?.

Programmers are technical, Technicians are technical, and Security Professionals are among many things, analysts.

Now one of the other issues I took to heart was the idea that ISSA allowed certification holders ?to earn CPE?s (continuous professional education) points in trivial ways, such as by attending an exhibition or officiating at an exam?. I have a question for you Ron. Have you ever checked to see how much it costs for one hour of CPE? Ron, dear (if you?re still a journalist) I just registered for CIS security conference this summer. The cost, a whopping $3,800.00 this doesn?t include the hotel, the car and my per diem. The total cost should come to what you would consider chump change oh $6,000.00. I?m sure every CISSP or other certification that REQUIRES 120 hour of CPE every 3 years can afford that! Ron sonny boy, and I say sonny boy because you are obviously too young to understand the value of a dollar. For just 40 hours of CPE that comes to $150.00 per hour. Maybe we should pass this cost on to our Employer, that?s a good incentive for them to find their informatio
n security some place at a lesser cost. Good planning.

For 120 hours Ron just in case you don?t have a calculator at your desk, (even if you did I doubt you know how to use it) for a rich boy like you daddy can dish out only $18,000.00. Figured if I didn?t cost this out for you, you?d probably be looking at this like my dog does when I flatulent. I know I?m attacking you but after reading your article (I?m catching up) I feel a bit angry that I wasn?t invited to the SC Forum.

The other thing I?ve noticed is that most people who can?t pass these exams usually find one incident and hang on like a PDF in the middle of the ocean, (get the analogy) it to justify why they didn?t pass.

I?m off my soapbox, I guess I should let you know, I?m a CISSP, CISA, CISM and the President of the local chapter. I teach candidates for the CISSP and the CISA every year. Next time you hold one of your Forums invite me if you can handle the truth!

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus