From jericho at attrition.org Sat Jun 19 16:50:46 2004 From: jericho at attrition.org (security curmudgeon) Date: Sat Jun 19 16:50:49 2004 Subject: [attrition] Good story on the "value" of IT certifications Message-ID: ---------- Forwarded message ---------- From: Richard Forno I've always questioned the value of professional IT certifications, and more so the desire of Corporate America to base hiring decisions on a prospective candidate having such things listed on their resume. This article, from CIO Magazine, restates my concerns about this industry practice. While Schrage's comments are aimed at the IT certifications in general, his underlying thoughts echo my ongoing sentiments on this topic as pertain to the IT security arena. (Incidentally, the best internet security experts I know of - and trust - do NOT hold certificates.) See also "Certifiably Certified" - my 2002 column on the dubious value of certifications in the information security industry. Column is available at: http://www.securityfocus.com/columnists/118 -rick Infowarrior.org Hiding Behind Certification An overreliance on IT sheepskins is a recipe for disaster. http://www.cio.com/archive/061504/itwork.html?printversion=yes PROFESSIONAL CIRCUMSTANCES have twice required me to become an "instant expert" on certification. The first time involved grasping the byzantine ins and outs of health-care plan accreditation. The second time required understanding the politics (and economics) of how different universities granted diplomas and certificates for their business, technical and professional extension courses. I learned far more than I bargained for. Both experiences recalled Bismarck's famous epigram that one should never see either laws or sausage being made. I was shocked. Professional certification and accreditation turned out to be processes as messy, political, misleading and dysfunctional as most enterprise software development and implementation initiatives. The critical difference, of course, is that testing software quality is easier and less ambiguous than testing the quality of a certification. That's why I've been struck by the seemingly pathological need so many CIOs have for the certification of skills and accreditation of organizational performance. I find this craving misguided and pathetic. What does it really say when someone is Microsoft certified? Or has a certificate in "network engineering" from a quality university? Or if a development organization has a Capability Maturity Model Level 3 rating? Or is ISO 9000 compliant? In many respects, these questions are as pointless and silly as asking, what does it mean to graduate summa cum laude from Harvard in English? Or, how good a lawyer will you be if you performed brilliantly on the multistate bar exam? Or, to be a total jerk about it, how superior an executive would you be if you had an MBA from a top-20 school? < snip > http://www.cio.com/archive/061504/itwork.html?printversion=yes From jericho at attrition.org Tue Jun 22 06:00:28 2004 From: jericho at attrition.org (security curmudgeon) Date: Tue Jun 22 06:00:30 2004 Subject: [attrition] going postal: big stupids Message-ID: http://www.attrition.org/postal/p0008.html again, we provide helpful links he's got the funk fuckin google couple more tech support 101 smart enough not to reply squido and compassion wacko jacko stalker conversation killer abundance