Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Certifications
From: "pingywon MCSE" <pingywon () hotmail com>
Date: Mon, 22 Nov 2004 16:31:30 -0500

Agreed!

It seems we all have different takes but are on the same side of the fence
on this issue. By no means does a cert make the man. But at one point (at
least in the MS world) that was the case ...all you needed to say was "MCSE"
and cha ching.

With that not being the case anymore recruiters don’t care. They still
market it that way and will continue to until it is no longer profitable.

The "boot camp school" that I worked for had some really good instructors,
but some really lame practices as to "lure" people in. It was a 6 month
program and if you could spell your name - your IN!!

People had genuine concerns about weather or not they could do it and people
would tell them what they wanted to hear until the 6 week point (the point
of non-refundable tuition) .....very shady.

My part in the whole process was a nightly seminar that introduced the means
of MS/Cisco certs to the general public. )MCP/MCSA/MCSE/CCNA/CCDA.


I conducted this seminar VERY fairly (ultimately ended in termination) and
refused to be the one to "field" follow up calls to people 


If they want it - they will come back - I had a Q/A session at the end of
every night where I would answer any question under the sun related to "our"
program vs. some of the other places so on and so forth. 

If I had a good gauge that someone "would be able to handle the workload. Or
maybe they needed "computing for dummies" first. I would try and do my very
best to veer them away not only from "our" program, but any other and would
normally recommend that they try a "community college intro" course and then
get back to us. 

My immediate superiors had n/p with this ...but corp. didn’t like it ...


Im not a salesman and never could be. That is ultimately why I left. 


~pingywon MCSE MCSA MCP CCNA CCDA DCSE CIWA ....BLAH
 
http://www.pingywon.com

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Clement Dupuis
Sent: Monday, November 22, 2004 14:37
To: 'Scott Renna'; 'pingywon MCSE'
Cc: 'Paul'; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Certifications

One of the big problems is the marketing behind some of the certification
and the way people interpret what they are.

A certification like the CISSP is NOT an in depth certification.  Let's face
it, you need to have  3 years experience plus a degree in one or more of the
10 domains of expertise and this does not have to be continuous experience.
If you do not have a degree, you then need 4 years.

This means that someone who has been doing strictly doing physical security
for 4 years is allowed and entitled to sit for the exam.  If he studies
adequately and prepare himself, there are good chances that he can axe the
exam with 6 months of thorough studies.  Does this makes him a security
expert: NO Does this improve his general knowledge of security and make him
more aware that there is more than physical security to contribute to the
overall security of his company: YES.

A few letters behind your name will not get you those HIGH paying jobs that
unscrupulous people often promise.  Experience and a proven track record in
the field will.

I think there should be a certification about understanding certifications
given to head hunters and recruiters out there.  They would understand that
you do not have to ask for a CISSP to manage your firewall.  They would
understand that an MCSE is not required to do Linux Security.  Something it
is hilarious to see their job posting and what they are asking for.

Clement




-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Scott Renna
Sent: Monday, November 22, 2004 12:37 PM
To: pingywon MCSE
Cc: 'Paul'; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Certifications

I try to be considerate and leave our industry open to all, but 
bootcampers I have met....sheeesh, you may as well just had over the 
keys to the castle.  In many cases, they think they know what they are 
doing and weaken the security overall of the network.  i deal with this 
daily with my "higher-ups"

Honestly, it kind of makes me sad that I have a CISSP as I've recently 
met several supposed Security Experts that have those 5 letters attached 
to their name and know NOTHING.

That's why I recommend GIACs.  GIACs actually demonstrate you know what 
you are talking about

pingywon MCSE wrote:
Well this is one area I have dealt with too many times. For anyone who has
spent anytime on the MS cert new groups you all know what im talking
about. 

People who are already employed in IT with out any certs are the firsts
ones
to say how worthless they are and how everyone who has them "just
memorized"
a bunch of questions. 

People who have some certs - and might only be in the position they are in
today due largely to some certs would tend to disagree. 

I have also worked for one of these "boot camp" schools (for a total of
about 3 months-shame on me)

The inherent problem is that while the "boot camps" do serve their purpose
to people who need brushing up to gain some certs - people that already
have
a solid base to build upon - those aren't the people that go to boot camps

It doesn't matter if it is a 2 week boot camp or a 6 month one.
The people that go to these boot camps are roofers and construction
workers
who want a way out of their current employment situation. While that is
all
well and good these people do not make the best candidates for IT work
(with
no background knowledge) and the boot camps don't care (no matter if its
MS
er cisco boot camps) They just want their $$ ......like cattle I suppose.


Has this brought down the "bar" on what a cert means? ...it sure has
Does it mean everyone with certs doesn't know anything? Not at all

Most employers take certs for granted..And now they are EXPECTED - before
the cert use to be a distinguishing mark, now it is given

~pingywon MCSE
 
http://www.pingywon.com
-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Paul
Sent: Monday, November 22, 2004 02:57
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Certifications

While I gotta agree that experience is what
counts, what (if any) specialist certs should a
tertiary student, with a special interest in
security, use to underpin their prac?

P.S. If I'm too ignorant to warrant a civil
answer, like being told to go to the movies, my
apologies in advance so no flame needed.

=====

one step at a time...



Find local movie times and trailers on Yahoo! Movies.
http://au.movies.yahoo.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault