I'm all for training, but anyone advising companies should make
them aware that a lot of certifications aren't worth the paper
they're printed on. After you meet enough CCNAs who ask, "Can
you show me how to log into the router?" or MCSEs who
don't know how to set a static route on an NT box, you start
to realize you'd better have a better way of qualifying people.
Furthermore, there are a number of certifications that are really
worth LESS than the paper they're on. When I got my CCSE (the
checkpoint cert), it was given merely for attendance. No knowledge,
testing, or comprehension required. A false trust in certifications
is a sure path to trouble. I know a number of people who view some
certifications as a significant negative. By the same token, even
the best engineers may list them just for the sake of the HR
department. One tactic that can be recommended is to find a very
highly respected, very observant security person with experience
and good people skills, and hire them on contract to do your
interviewing from a technical standpoint, if you don't already
have one on-staff.
In any event, I'd recommend putting as little stock in most
certifications as you can stand. MOST people with CCIEs or
CISSPs, in my experience, are going to be clueful, but definitely
not so with many others. For the MCP, CCNA, and CCSE, a good
indicator is how the bearer perceives the cert. A person with a
CCNA who admits, "If you can't get a CCNA, you shouldn't be near
a firewall," or someone who tells you right away, "Well, the CCSE
certs were just given out for attending a 4-day class," is at least
being honest about it. (And is shrewd enough to note that such
paper really does NOT make the candidate.)
--Matt
On Thu, Apr 06, 2000 at 03:14:22PM -0700, Loren MacGregor wrote:
> Tell your boss that I am currently looking for work in security
> administration, and one of the first things I ask a company is
> whether or not they provide training for certification, and funding
> for ongoing education. So far, the answer from companies concerned
> about security is, overwhelmingly, "Yes!" In fact, some companies
> I've talked with have said that they are not interested in staff who
> are not actively pursuing certification, if not already certified.
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
