Andy: Your methodology works in the programming/development field where someone can walk in with 100,000 lines of code and show you a tangible product/project. Networking is a bit difficult unless you're going to throw potential candidates into a working lab. Not likely. In my years of experience I have found that the best way to ferret out the true from the untrue is to have a battery of questions that are structured in such a way as to illicit an expert, a mid-level and a novice response. (This is done in person, and is never written.) For example: In NT you get a "blue screen". What are the potential problems and how do you resolve it. Each level candidate will have a response appropriate to their experience. The questionnaire should anticipate what the answers are, and grade the candidate's response accordingly. This way even a non-technical person can pre-screen. Those who past muster at this level make it to the next round. (The only drawback to this method is that it means you commit staff each time you interview, and you must be wary of the creative recruiter who snags a copy of the questionnaire to "prep" his candidates..it has happens :) Such a tool is great because many engineers do NOT know how to interview, and this gives them a guideline. I have interviewed many, many engineers using this method, and rarely does this evaluation not paint an accurate picture. Enough, Daren John ----Original Message Follows---- From: Andy <[EMAIL PROTECTED]> To: "Meritt, Jim" <[EMAIL PROTECTED]>, Firewalls List <[EMAIL PROTECTED]> Subject: Re: To Certify or Not To Certify Date: Thu, 15 Jul 1999 11:37:37 -0400 Meritt, Jim wrote: > > Interesting question, but if the answer is "not", what alternatives are > there? Remember that these alternatives have to be time and cost effective > and recognizable by a recruiter who is NOT a subject-matter expert in the > area of IS security. > > So what are the alternatives? Looking at this from another domain, I've seen certified PowerBuilder developers that range in quality from "book smart" beginners all the way to experienced pros. I don't know about network certifications, but I've gotten around this problem by implementing my own tests. I use resumes to build a list of promising leads, then I can sit a potential developer down in front of a clean development machine and give him/her an hour or two to play. In that time, I can effectively place that person into one of three groups: 1. useless newbie/outright liar 2. promising beginner/intermediate 3. seasoned pro. It's not even necessary for me to develop a "test" per se. All I need to do is sit them down and say, "show me something interesting." I can grade the results based on what level of developer I'm looking to hire. Granted, this method requires that I have an "expert" on hand to grade the results, but a development shop without at least one of these already on staff has bigger problems than deciding whether or not to believe a certification. This method has worked well for high-level language developers. I don't know how it would translate to mid-level or network/security stuff. -Andy - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.] _______________________________________________________________ Get Free Email and Do More On The Web. Visit http://www.msn.com - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
