Meritt, Jim wrote:
>
> Interesting question, but if the answer is "not", what alternatives are
> there? Remember that these alternatives have to be time and cost effective
> and recognizable by a recruiter who is NOT a subject-matter expert in the
> area of IS security.
>
> So what are the alternatives?
Looking at this from another domain, I've seen certified PowerBuilder
developers that range in quality from "book smart" beginners all the way
to experienced pros. I don't know about network certifications, but I've
gotten around this problem by implementing my own tests. I use resumes
to build a list of promising leads, then I can sit a potential developer
down in front of a clean development machine and give him/her an hour or
two to play. In that time, I can effectively place that person into one
of three groups:
1. useless newbie/outright liar
2. promising beginner/intermediate
3. seasoned pro.
It's not even necessary for me to develop a "test" per se. All I need to
do is sit them down and say, "show me something interesting." I can
grade the results based on what level of developer I'm looking to hire.
Granted, this method requires that I have an "expert" on hand to grade
the results, but a development shop without at least one of these
already on staff has bigger problems than deciding whether or not to
believe a certification.
This method has worked well for high-level language developers. I don't
know how it would translate to mid-level or network/security stuff.
-Andy
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
