I agree with you, Luff, but the positive thing is that you can work anywhere in
the world with certification ( + skill ! )
It's a practical way to measure knowledge...
For someone from Brazil like me, it's not easy to work abroad without
certifications ...
07/04/2000 02:10
"Luff, Darryl" <[EMAIL PROTECTED]>
From:
On:
To: Firewalls <[EMAIL PROTECTED]>
cc: "'Matt Wallace'" <[EMAIL PROTECTED]>, Loren MacGregor
<[EMAIL PROTECTED]>(bcc: Alessandra
Moura/AEI/RIO/ANP)
Subject: RE: Qualifications
(My bleat of the week)
The focus with all these certifications is totally wrong. People don't do
training to gain knowledge, they do training to pass exams. And the courses
become focussed on preparing people to pass the exams. It's the experience
that should be tested, not the stuff the courses and study guides teach you
- anyone can memorise that.
To be a true indicator, people should be able to pass exams cold, with no
brain dumps, study guides etc to study up on. I could get my
computer-illiterate sister (no offense Joanne!) through a CCNA or
MCP-qualifying exam with a couple of weeks study and some tutoring.
No certification that takes a single short exam can mean much. The ones that
take 5-6 exams (CCNP, MCSE) at least show that you're persistent.
Barring giving people random certification tests (A Sylvan Prometrics van
pulling people over on the road into networkers? "I want you to stand on one
leg and recite the commands to enable GRE tunneling on a Cisco router") the
only testing model that seems to mean anything is the one the CCIE uses. A
written test to weed out time-wasters, then being evaluated by qualified
people while they stress-test your knowledge doing your job.
A lot of certifications are driven by "Our company needs to be a Super-Duper
Shining Purple Partner of XXX Company and they say we need 3 CXQP's, 5
VCXZ's and at least one 2EZ4U to qualify. Pick the easiest exam and go do
it". So you go out and do the MS Proxy exam (oops).
If had two prospects, and their resumes said:
"George Smith
Qualifications: CCNP, MCSE+I, CCSE
Experience: Left school, worked a year installing PC's and a year studying
for exams"
"Jack Sprat
Qualifications: CNE
Experience: 3 years programmer, 4 years system admin for 50 server NetWare
network, 3 years Cisco router installations, 2 years network design and
installations"
which would you hire? If you're after someone to do real work, probably the
experienced guy. But if you needed Microsoft Purple Partner status, and were
one MCSE short of qualifying, which would you hire? Go the cheap way and
hire the beginner just to make up numbers? Or pay a higher salary to hire
the experienced guy and then have to pay the time and money to get him
certified?
Or you can rely on the best certification method - ring around associates
and say "I need someone to do XYZ. Can you recommend anyone?"
> -----Original Message-----
> From: Matt Wallace [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, April 07, 2000 11:50 AM
> To: Loren MacGregor
> Cc: Firewalls
> Subject: Re: Qualifications
>
>
> I'm all for training, but anyone advising companies should make
> them aware that a lot of certifications aren't worth the paper
> they're printed on. After you meet enough CCNAs who ask, "Can
> you show me how to log into the router?" or MCSEs who
> don't know how to set a static route on an NT box, you start
> to realize you'd better have a better way of qualifying people.
> Furthermore, there are a number of certifications that are really
> worth LESS than the paper they're on. When I got my CCSE (the
> checkpoint cert), it was given merely for attendance. No knowledge,
> testing, or comprehension required. A false trust in certifications
> is a sure path to trouble. I know a number of people who view some
> certifications as a significant negative. By the same token, even
> the best engineers may list them just for the sake of the HR
> department. One tactic that can be recommended is to find a very
> highly respected, very observant security person with experience
> and good people skills, and hire them on contract to do your
> interviewing from a technical standpoint, if you don't already
> have one on-staff.
>
> In any event, I'd recommend putting as little stock in most
> certifications as you can stand. MOST people with CCIEs or
> CISSPs, in my experience, are going to be clueful, but definitely
> not so with many others. For the MCP, CCNA, and CCSE, a good
> indicator is how the bearer perceives the cert. A person with a
> CCNA who admits, "If you can't get a CCNA, you shouldn't be near
> a firewall," or someone who tells you right away, "Well, the CCSE
> certs were just given out for attending a 4-day class," is at least
> being honest about it. (And is shrewd enough to note that such
> paper really does NOT make the candidate.)
>
> --Matt
>
> On Thu, Apr 06, 2000 at 03:14:22PM -0700, Loren MacGregor wrote:
>
> > Tell your boss that I am currently looking for work in security
> > administration, and one of the first things I ask a company is
> > whether or not they provide training for certification, and funding
> > for ongoing education. So far, the answer from companies concerned
> > about security is, overwhelmingly, "Yes!" In fact, some companies
> > I've talked with have said that they are not interested in staff who
> > are not actively pursuing certification, if not already certified.
> > "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
