Re: [fw-wiz] Certification ?

From: Victor Williams (
Date: 06/19/04

  • Next message: DRISCOLL, ROBERT: "RE: Certification (was Re:[fw-wiz] Vulnerability Response)"
    Date: Fri, 18 Jun 2004 17:45:16 -0500

    I used to have this way of thinking...but I think certifications hold
    the same importance as implementing security practices. Done the right
    way, they add value. Done the wrong way, they don't mean a thing and
    will sometimes actually hurt you.

    I have presently, and have had several certifcations from MCSE to RHCE
    to certain security clearances for certain types of work. The MCSE I
    *had* doesn't mean a thing in the environment I work in now because the
    depth at which we use Microsoft products, and the practical knowledge of
    things that you learn in an MCSE training AND test coursework don't
    jibe. When I applied for the job, I didn't even state that I had an
    MCSE certification at the time...I didn't think it applied.

    However, I also have an RHCE certification. Although I didn't find
    getting it challenging (because I've been working with Linux in general
    in production environments for the better part of 12 years), over 2/3 of
    the class that I took the refreshers with didn't stay for either the
    RHCT or RHCE test because they weren't ready...and those who did stay,
    only 40% of them passed the RHCT test...I don't know who passed the RHCE
    portion. That being said, not all certifications are created equal, and
    the certification you get can add value to your experience, as well as
    increase your chances of getting *noticed* for another potential
    position, and possibly make doing something in the future a bit easier.
    Example: I didn't know as much about the 5-6 different bootloaders in
    Linux before I went into the RHCE course/exam...but I knew a hell of a
    lot about GRUB and LILO afterwards because that's what the bootloader
    section focuses on. Now, when I want to do a task that involves a
    bootloader of a couple different varieties, I don't have to consult's in my was drilled into my head permanently in
    that week in June of 2003. When you can see the practical application
    of something, it makes it more worthwhile, and often times you don't
    forget it.

    I have been a part of proposals for contracts where the only deciding
    factor in my organization getting contracts was the existence of a
    person versed in Linux, and having what they considered a high-level
    certification for this particular project...that being RHCE because
    their deployment strategy leaned heavily on open-source solutions.

    I guess what I'm getting at, is maybe certs are worthless for the people
    getting them in some regards (maybe they don't need them, except to have
    an acronym behind their name). But for some folks who are versed in the
    products they become certified in (and the certifications test on
    somewhat practical knowledge, not just multiple choice questions--the
    RHCE test was like this), sometimes it can mean the difference in a
    couple million dollars if your company is bidding on a contract or two.
    Often times--and I find especially in government--it is the only thing
    your proverbial foot-in-the-door is going to be based many
    acronyms are after your name, and how long your resume says you've been
    doing things with direct correlation to the acronyms after your name.
    Not saying it's right...I'm just saying that's often the way it is. To
    ignore that or get angry because of it is kind of pointless. Until the
    general technology-hiring populace gets smarter/wiser (which may not
    happen, because technology advances faster than the general public can
    keep up), this will always be the case.

    Pick your certifications carefully, and make sure they apply to what
    your experience/expertise is and what you want it to be.

    Allan wrote:

    >I'm gagging on this "certification" thing.
    >Certs / Exams are a determiner of MEMORY ability ... the number of related / unrelated details that a person can REMEMBER / RECAL in a time-restricted environment.
    >REAL life not only involves memory of facts but memory of where to LOOK for answers and finding them in what ever resource is available.
    >In my personal life, I repair cars, washing machines, deal with my children, do computer "consulting" work, answer tech-support phone calls, build firewalls, manage three properties, etc., etc. and there's NO WAY in (hades) that a person can know ALL the answers even MOST of the time in a time-restricted environment ... and that's why theres RESOURCES to which a person can turn to for the answers.
    >REAL LIFE isn't even about knowing all the answers but often includes FINDING answers for the 1st time !! And doing so quickly ... OR ... simply doing so RELIABLY ...
    >It's about wisdom. It's not just about "knowledge" but what to do with that knowledge.
    >Case in point. I worked for an engineering firm. They hired a young fellow who, in high school, was a wizz ... graduated at 15 ... went to Clarkson University ... again, a wizz. Graduated with high marks. Went to work for our engineering firm and couldn't do ANYTHING right, when it came to PRACTICAL application of what he knew.
    >Sadly MANY QUALIFIED people are overlooked because of issues of "certification" or "university degree".
    >It's a fact of life. It's exacerbated by the fact that now-a-days you can BUY your damn cert and STILL know NOTHING about what you're doing, in a PRACTICAL APPLICATION sense !!
    >There are certified and well degreed people working at firms which have been hacked / digitally vandilized / violated ( you fill in the adjective ). Can you think of a few ?
    >Cert Smert !!
    >They're as reliable, PERHAPS, as a "lie-detector" or Graphology ... perhaps ... maybe even as reliable as the qualifications of the CIA personnel (plural) who recommended that the USA / UK go into Iraq ... MAYBE ...
    >firewall-wizards mailing list
    firewall-wizards mailing list

  • Next message: DRISCOLL, ROBERT: "RE: Certification (was Re:[fw-wiz] Vulnerability Response)"