Re: [fw-wiz] Certification ?
From: Victor Williams (vbwilliams_at_neb.rr.com)
To: firstname.lastname@example.org Date: Fri, 18 Jun 2004 17:45:16 -0500
I used to have this way of thinking...but I think certifications hold
the same importance as implementing security practices. Done the right
way, they add value. Done the wrong way, they don't mean a thing and
will sometimes actually hurt you.
I have presently, and have had several certifcations from MCSE to RHCE
to certain security clearances for certain types of work. The MCSE I
*had* doesn't mean a thing in the environment I work in now because the
depth at which we use Microsoft products, and the practical knowledge of
things that you learn in an MCSE training AND test coursework don't
jibe. When I applied for the job, I didn't even state that I had an
MCSE certification at the time...I didn't think it applied.
However, I also have an RHCE certification. Although I didn't find
getting it challenging (because I've been working with Linux in general
in production environments for the better part of 12 years), over 2/3 of
the class that I took the refreshers with didn't stay for either the
RHCT or RHCE test because they weren't ready...and those who did stay,
only 40% of them passed the RHCT test...I don't know who passed the RHCE
portion. That being said, not all certifications are created equal, and
the certification you get can add value to your experience, as well as
increase your chances of getting *noticed* for another potential
position, and possibly make doing something in the future a bit easier.
Example: I didn't know as much about the 5-6 different bootloaders in
Linux before I went into the RHCE course/exam...but I knew a hell of a
lot about GRUB and LILO afterwards because that's what the bootloader
section focuses on. Now, when I want to do a task that involves a
bootloader of a couple different varieties, I don't have to consult
manpages...it's in my head...it was drilled into my head permanently in
that week in June of 2003. When you can see the practical application
of something, it makes it more worthwhile, and often times you don't
I have been a part of proposals for contracts where the only deciding
factor in my organization getting contracts was the existence of a
person versed in Linux, and having what they considered a high-level
certification for this particular project...that being RHCE because
their deployment strategy leaned heavily on open-source solutions.
I guess what I'm getting at, is maybe certs are worthless for the people
getting them in some regards (maybe they don't need them, except to have
an acronym behind their name). But for some folks who are versed in the
products they become certified in (and the certifications test on
somewhat practical knowledge, not just multiple choice questions--the
RHCE test was like this), sometimes it can mean the difference in a
couple million dollars if your company is bidding on a contract or two.
Often times--and I find especially in government--it is the only thing
your proverbial foot-in-the-door is going to be based on...how many
acronyms are after your name, and how long your resume says you've been
doing things with direct correlation to the acronyms after your name.
Not saying it's right...I'm just saying that's often the way it is. To
ignore that or get angry because of it is kind of pointless. Until the
general technology-hiring populace gets smarter/wiser (which may not
happen, because technology advances faster than the general public can
keep up), this will always be the case.
Pick your certifications carefully, and make sure they apply to what
your experience/expertise is and what you want it to be.
>I'm gagging on this "certification" thing.
>Certs / Exams are a determiner of MEMORY ability ... the number of related / unrelated details that a person can REMEMBER / RECAL in a time-restricted environment.
>REAL life not only involves memory of facts but memory of where to LOOK for answers and finding them in what ever resource is available.
>In my personal life, I repair cars, washing machines, deal with my children, do computer "consulting" work, answer tech-support phone calls, build firewalls, manage three properties, etc., etc. and there's NO WAY in (hades) that a person can know ALL the answers even MOST of the time in a time-restricted environment ... and that's why theres RESOURCES to which a person can turn to for the answers.
>REAL LIFE isn't even about knowing all the answers but often includes FINDING answers for the 1st time !! And doing so quickly ... OR ... simply doing so RELIABLY ...
>It's about wisdom. It's not just about "knowledge" but what to do with that knowledge.
>Case in point. I worked for an engineering firm. They hired a young fellow who, in high school, was a wizz ... graduated at 15 ... went to Clarkson University ... again, a wizz. Graduated with high marks. Went to work for our engineering firm and couldn't do ANYTHING right, when it came to PRACTICAL application of what he knew.
>Sadly MANY QUALIFIED people are overlooked because of issues of "certification" or "university degree".
>It's a fact of life. It's exacerbated by the fact that now-a-days you can BUY your damn cert and STILL know NOTHING about what you're doing, in a PRACTICAL APPLICATION sense !!
>There are certified and well degreed people working at firms which have been hacked / digitally vandilized / violated ( you fill in the adjective ). Can you think of a few ?
>Cert Smert !!
>They're as reliable, PERHAPS, as a "lie-detector" or Graphology ... perhaps ... maybe even as reliable as the qualifications of the CIA personnel (plural) who recommended that the USA / UK go into Iraq ... MAYBE ...
>firewall-wizards mailing list
firewall-wizards mailing list