[attrition] Good story on the "value" of IT certifications

[security curmudgeon]

---------- Forwarded message ----------
From: Richard Forno <rforno at infowarrior.org>

I've always questioned the value of professional IT certifications, and
more so the desire of Corporate America to base hiring decisions on a
prospective candidate having such things listed on their resume.  This
article, from CIO Magazine, restates my concerns about this industry
practice.  While Schrage's comments are aimed at the IT certifications in
general, his underlying thoughts echo my ongoing sentiments on this topic
as pertain to the IT security arena. (Incidentally, the best internet
security experts I know of - and trust - do NOT hold certificates.)

See also "Certifiably Certified" - my 2002 column on the dubious value of
certifications in the information security industry. Column is available
at: http://www.securityfocus.com/columnists/118

-rick
Infowarrior.org



Hiding Behind Certification
An overreliance on IT sheepskins is a recipe for disaster.

http://www.cio.com/archive/061504/itwork.html?printversion=yes

PROFESSIONAL CIRCUMSTANCES have twice required me to become an "instant
expert" on certification. The first time involved grasping the byzantine
ins and outs of health-care plan accreditation. The second time required
understanding the politics (and economics) of how different universities
granted diplomas and certificates for their business, technical and
professional extension courses. I learned far more than I bargained for.

Both experiences recalled Bismarck's famous epigram that one should never
see either laws or sausage being made. I was shocked. Professional
certification and accreditation turned out to be processes as messy,
political, misleading and dysfunctional as most enterprise software
development and implementation initiatives. The critical difference, of
course, is that testing software quality is easier and less ambiguous than
testing the quality of a certification.

That's why I've been struck by the seemingly pathological need so many
CIOs have for the certification of skills and accreditation of
organizational performance. I find this craving misguided and pathetic.
What does it really say when someone is Microsoft certified? Or has a
certificate in "network engineering" from a quality university? Or if a
development organization has a Capability Maturity Model Level 3 rating?
Or is ISO 9000 compliant?

In many respects, these questions are as pointless and silly as asking,
what does it mean to graduate summa cum laude from Harvard in English? Or,
how good a lawyer will you be if you performed brilliantly on the
multistate bar exam? Or, to be a total jerk about it, how superior an
executive would you be if you had an MBA from a top-20 school?

< snip >

http://www.cio.com/archive/061504/itwork.html?printversion=yes