Security Basics: RE: Value of certifications

["David Harley" <david.a.harley () gmail com>]

It's a matter of expectation, I guess. 
* If you claim a certification you no longer have, that's dishonest, no
question. (I doubt if that's a controversial position.) If your prospective
employer doesn't check your credentials, though, they have to accept some of
the responsibility. 
* However, if you make it clear that the cert has expired, then  it says
something about your ability to recertify if necessary, and thus about your
knowledge of the field. OTOH, if you're still working in that field but
haven't recertified, the employer may doubt your dedication and commitment.
That may not always be fair but it's a risk you accept, or not. You do have
a responsibility not to mislead the employer into thinking you're fully
current (of course you may be: a cert is rarely the only way to stay current
with a field in which you're already competent), but they have a
responsibility to assess that, too.
* I quite like the (ISC)2 approach too, and I'm glad we can agree on that.
(Basically, you either earn credits for proving continued professional
development, or you retake the exam after three years IIRC.) You get credits
for stuff like attending courses and seminars, published writing in the
field, and so on, so it's quite flexible, but (ISC)2 have the right to
validate your CPE credits. However, there are certainly times where
re-examination is a Good Thing. I wouldn't want to present myself as a
potential paramedic because I passed a first aid exam in the 70s, for
instance. :)

> I do like your quote that "qualifications are the beginning." 
Me too. I've always said certs are not a substitute for experience.

-- 
David Harley CISSP, Small Blue-Green World
Security Author/Editor/Consultant/Researcher
AVIEN Guide to Malware:
http://www.smallblue-greenworld.co.uk/pages/avienguide.html
Security Bibliography:
http://www.smallblue-greenworld.co.uk/pages/bibliography.html