I sware that I promised to myself do not enter into this , but ...
I think there are two completely different things here :
a) a certificate that qualify a person in a professional role or
specialization(Medicine Doctor or Neuro-Surgeon)
In this sense I completely agree with Bill and in this case falls CISSP
, CISA , CDIA , CTE , etc.
b) a certificate that assures that a person has a specific knowledge about a
product or set of products(presum-
able closely related)
In this sense I completely disagree from Bill and in this case falls
MCSE+I , MCNE , SCSA , CCIE , etc.
We must not misunderstand what these certifications are for.
Nobody should consider that a MCNE is somebody that is an expert in
Operating Systems ; but everybody should consider that a MCNE is somebody
that knows a lot about Novell's solutions.
So,there is no one better than a vendor to teach about its products - it
will be funny to have an academic team
trying to decide what is worth to teach about Solaris , how many quarters
it will last , which pre-requisites would
apply , etc - and no one better than this vendor to certify who have learned
enough to master its products(by the way , the tests are applied by
independent institutes , in some cases).
A vendor's certification is a way that a vendor has to assure a QUALITY of
the people who deal with its products. It is a way to say : hey , I have
good products and you must have good people to deal with them.
If the products are actually good or not , that is another question...but
the certification must be in the best vendor's interest.
Sorry for the length of this one.
Best Regards ,
PL Steinbruch
----- Original Message -----
From: Bill Stackpole <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 13, 1999 3:24 PM
Subject: RE: To Certify or Not To Certify - its a quality question
> Laris,
> I agreed Cisco's program is a good one. To me it's just a matter of the
> auditor auditing themselves or the security administrator certifying the
> security configuration. We wouldn't find that acceptable. It doesn't
mean
> that the auditor or the security administrator wouldn't do a good job.
It's
> poor practice to have someone police themselves. In competency testing it
> is poor practice to have someone test themselves. That doesn't mean that
> the vendors can't contribute to the process, just means they can't control
> it.
>
> I don't want to bore the list was a bunch of certification rhetoric so
I'll
> try to make this brief.
> A big part of the problem is the use of the word certification. Which is
> defined as:
> Compliance with a set of standards defined by non-governmental
> organizations. Certification is applied for by individuals on a voluntary
> basis and represents a professional status when achieved, e.g.,
> certification for a medical specialty.
> While vendors would certainly qualify as non-government their "standards"
> for certification vary from class attendance to passing a practical exam.
> Again it's simply a question of quality. I asked one of my vendors what
> they did to become "Network Security Certified" (it was in their marketing
> packet). Turns out they attended the training class for a vendor's
software
> package, where they fully demonstrated their competence at sitting for 3
> days!
>
> Bill Stackpole, CISSP
> "My opinions are my own and do not always reflect those of my employer."
>
>
> > -----Original Message-----
> > From: Laris Benkis [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, July 12, 1999 3:24 PM
> > To: 'Bill Stackpole'; [EMAIL PROTECTED]
> > Subject: RE: To Certify or Not To Certify - its a quality question
> >
> > I wouldn't entirely agree that vendor affiliation is bad. If the vendor
> > has proven that their testing regime is of a high standard then it
should
> > be respected. Two examples of that come to mind are MCSE and CCIE
> > (neither of which I have) I would be quite happy to put the latter on
my
> > business card but not the former. This is because I have a pretty good
> > idea of what is involved in getting each of these certifications.
> > Microsoft has devalued their certification process to the point that
many
> > people don't consider it a valid measure of technical competence. Cisco
> > to date has taken the high road - it remains to be seen if the recent
> > restructuring of the program maintains the integrity.
> >
> > Laris Benkis, QPSK, ATM, PSTN.
> >
> >
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
