Home page logo

funsec logo funsec mailing list archives

Re: "Skills gap"?
From: Rich Kulawiec <rsk () gsp org>
Date: Fri, 30 Nov 2012 07:46:15 -0500

On Thu, Nov 29, 2012 at 12:59:12PM -0600, John Bambenek wrote:
FWIW, I was trolling my employer Ernst & Young about a decade ago
about certifications so I took the CCNA one day after cramming a
book.  Prior to the exam, I had never laid eyes on a cisco device,
much less interacted with one.

To that point, I think that a lot of us on this list could pull
similar stunts with certification exams in areas where we have
little to no experience simply because we're smart people and
we know how to game those kinds of tests.

Even more elaborate tests ("okay, this network is broken, figure it
out and fix it") still don't yield the results that we want because
it's simply not possible to make them varied enough.  (That is, if
someone is presented with 4 of these scenarios and fails all 4,
that doesn't tell us how they'd do with 40.  They might get 36 right.
We just happened to hit them with 4 that they suck at.  Another
candidate might nail all 4, then botch the next 36.  So what do
we do to equalize this?  Give them 80?  Test design is not a solved

In the end, all of this is an attempt to evade the issue, and that is,
that screening/interviewing candidates is hard.  It takes effort.
It takes clue.  It takes diligence.  There's no shortcut without
serious drawbacks.

For my part, I focus on analytical and reasoning skills much more
than knowledge base.  I'll bet that I needed John to have, let's say,
pf firewall configuration skills, and he presently had none, that I
could tell him to go figure it out, and in a couple of weeks or so
he'd have enough to do something useful.  So if I were interviewing
him for a gig where pf was significant, I wouldn't really care if
he even knew what it is; I would care whether he showed the ability
to pick up the basic concepts and learn the rest on-the-fly.

Of course the HR department is absolutely incapable of figuring
that out from either his resume or an interview.

Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]