Thursday, May 24, 2007

Value of certifications

There has been a lot of discussion about the value of certifications lately. Here are a couple of links:

taosecurity link link

securityfocus link

My take on it is that most of these guys like Don Parker and Richard Bejtlich are the exceptions to needing certification rather than the norm. If you are a published author or regularly speak at conferences, you probably possess a large body of knowledge. So it's not unthinkable that people of this caliber might question the value or need of certification, because they already possess advanced knowledge in those subjects.

What I'm slowly learning about computers and security is that once something has been brought into your "knowledge realm", it's sometimes hard to remember a time when you didn't know that piece of knowledge, or how it's possible that other people don't know it. nmap switches and usage can be used as an example, or maybe even using tools like nessus or metasploit.

In the back of my mind I remember needing my cheat sheet for nmap switches. Now of course I can tell you all about them from memory and don't need a cheat sheet to use the various switches. The question then comes up of how I got to that point, or how someone else can.

Obviously using those tools while working with LSO helped a lot, but studying the stuff for my CEH and CPTS exams also helped bring that information into the knowledge realm, and thankfully it stuck. Certification definitely helps people learn and can create a roadmap for someone trying to get into an IT niche, whether it be routers, firewalls, security or whatever.

Does having cert X mean that person is immediately qualified to work in your organization? Of course not. That's why you interview a person: to make sure what's on their resume is what is actually in their knowledge realm and that they can actually apply that stuff at work.
