Security Basics mailing list archives

RE: RE: Value of certifications

From: "David Harley" <david.a.harley () gmail com>
Date: Tue, 1 May 2007 01:26:21 +0100

Certification's

      * show a baseline of knowledge in the subject area and career
        drive


True. How useful the baseline -is- depends on the cert.

      * are helpful in getting interviews


Sometimes true.

      * you do learn alot in preparation of most exams.


Depends on the cert and the individual. Can be true, certainly.

      * they are not useless or a waste of time and are helpful in
        career advancement (same as a degree)


The main purpose of most qualifications is to prove something to
employers... The trick is to have an idea of what the qualification -really-
tells you. Prospective employers don't necessarily have that idea.

      * a cert. does not make you an expert or even mean you can apply
        infosec in the real world environments


Indeed (though to some extent, that depends on the cert). On the other hand,
having a cert doesn't prove you -don't- know anything, as some posts in this
thread come close to suggesting. Actually, working in the field for 20 years
(see sig) doesn't prove you know anything either. ;-)

      * some people with high level certs have no true 
understanding of
        infosec in practical terms


As also pointed out by others, you need experience as well as an adequate
exam score to get some certs. But some people learn more than others from
experience.

Let's get really obvious. There are all kinds of practitioners: some manage
people better than systems, and vice versa. Some need to be more hands-on
than others. Good managers are not always hands-on, and some hands-on people
should have their hands tied behind their backs. 

Some are idiots, some are certified idiots, some are not at all idiotic,
some unqualified non-idiots have enough common sense to put them a mile
ahead of a certified idiot. 

A cert is an indicator, not proof (either way.) If you judge people purely
by the letters after their name, or the absence thereof, you risk severe
disappointment, or missing a gem. Many admirable qualifications don't append
any letters...

-- 
David Harley CISSP (plus around 20 years on-the-job experience...)
Security Author/Editor/Consultant/Researcher
Small Blue-Green World
AVIEN Guide to Malware:
http://www.smallblue-greenworld.co.uk/pages/avienguide.html
Security Bibliography:
http://www.smallblue-greenworld.co.uk/pages/bibliography.html

Current thread:

RE: RE: Value of certifications David Harley (May 01)
- <Possible follow-ups>
- Re: RE: RE: Value of certifications nomail (May 01)
- RE: Value of certifications Simmons, James (May 01)
- RE: RE: Value of certifications David Harley (May 02)
  - RE: Value of certifications Jones, David H (May 02)
- Re: Value of certifications Hari Sekhon (May 16)
  - RE: Value of certifications Devin Rambo (May 16)
  - RE: Value of certifications Simmons, James (May 16)
    - Message not available
    - Fwd: Value of certifications kevin fielder (May 17)
    - RE: Value of certifications David Harley (May 17)
- RE: Value of certifications Craig Wright (May 17)
  - RE: Value of certifications Erin Carroll (May 18)