funsec mailing list archives

Re: "Skills gap"?


From: John Bambenek <bambenek.infosec () gmail com>
Date: Thu, 29 Nov 2012 11:41:06 -0600

Oh, I agree, it's only useful to get past the bean counters. I haven't had a job that paid travel to take classes, so I haven't had the benefit of part 2 on that point (I would like a job some day that did offer that benefit though, but I'm more resigned to doing my own business just to get out of the grind).

On 11/29/12 11:35 AM, Blanchard, Michael (InfoSec) wrote:
The only thing certs are good for is getting you into the door...  they're essential for getting your resume looked at, and 
I think we all agree on that part, so they're needed just for that piece...

  Yah, I have a few....I also have over 20 years' experience to back them up... But, I was basically forced to get them due to 
management demanding all senior folks to have the certs (not just in my present company!)... which was cool to get them, all 
expense paid "vacations" to some sunny place to take an exam?  Yah sign me up for that for a week! :-)

  So there you go, Certs are useful for two things.... to keep your resume out of the trash before someone sees it, and paid vacations to sunny 
and fun locations to take an exam :-)    Notice I didn't state that they're useful for anything remotely close to what they're 
*supposed* to be useful for.... 'cuz they're not...

Michael P. Blanchard
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC² Corporation
32 Coslin Drive
Southboro, MA 01772


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of John Bambenek
Sent: Thursday, November 29, 2012 10:39 AM
To: funsec () linuxbox org
Subject: Re: [funsec] "Skills gap"?

Oh, some people try to write a good test and we can have a nice
discussion about psychometrics and the lot, but at the end, we haven't
even figured out K-12 testing. It's a hard problem with no solution.

In our field, we need to be able to DO things, not be able to recite
knowledge.  And testing the ability to DO things in an objective way can
be kinda hard.

So, until then, resume your regularly scheduled hoop jumping and
ransom-pay for your CISSP certs ;)

On 11/29/12 7:31 AM, Rich Kulawiec wrote:
On Sat, Nov 24, 2012 at 09:24:29PM -0600, John Bambenek wrote:
That said, I've been helping write/audit SANS certifications for
awhile.  I'm simply ineligible to take them (for what should be
obvious reasons).  I got real tired of submitting resumes and being
told I need a GSEC/GCIH/et al.  I'd respond with I wrote part of the
question bank and some HR bean counter just didn't get it and
insisted I needed the paper.  I ended up taking the CISSP cold one
weekend just to have something and even then I got tired of paying
the annual ransom for letters that meant nothing.

Certifications are, in theory, a good idea.

Certifications are, in practice, crap.

Which isn't surprising really, if one takes Deep Throat's advice and
follows the money.  It rapidly becomes obvious that certification programs
are designed to maximize revenue, not to promote and/or measure expertise.
(Even those that start out with the latter goal and the best of intentions
inevitably gravitate to the former.)

This is a problem particularly in the security arena because, as you
astutely point out, HR bean counters look for them and resumes without
are routinely roundfiled -- never mind that the senders of those resumes
could *easily* be the most qualified applicants by a wide margin.  They
have become a shortcut for the technically illiterate and the impatient,
and unfortunately they're a shortcut that doesn't work.

I don't have any (viable) idea how to fix this.

---rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.