Certs: Added value or minimum requirement?

I've got a Bachelors Degree in Information Systems Management, my Certified Information Security Systems Professional (CISSP) certification, the SANS GIAC Systems and Network Auditor (GSNA) certificate and I used to be a CCNA.   I spent two years getting my B.S. by attending night courses, the CISSP took me 6 months of constant study, the GSNA required a week's worth of intense instructor lead study, and I spent the better part of a school year taking the official Cisco course work at the local junior college before taking the test.  And with the exception of the CCNA, the time I spent earning my degree and getting my certifications was aimed strictly at filling in a check box on an HR person's list rather than learning something.  Not to say I didn't learn something in studying for each, but my goal was fulfilling a job requirement instead of education.

I have mixed feelings about certifications in the IT and security professions; certifications show that someone has the minimum knowledge required to pass a particular test.  It shows they understand their profession well enough to know what certificates are going to be required to get a job in their field.  It shows that the person is dedicated enough to their profession to take and pass these tests.  But what it doesn't show is real-world knowledge of security.

Obviously I'm not opposed to certifications, since I hold several myself.  But I've never liked the fact that many people think certification and skills are the same thing.  The fact that having the right certification can mean a significantly higher level of pay for professionals who otherwise are of the same skill level only further complicates the situation.   It encourages people to accumulate as many different certifications as possible to help bolster their income, something I'm as guilty of as anyone else.

I remember the early days of the Microsoft Certified Systems Engineer and "paper MCSE's" who had passed all the tests, but could barely remember how to change a password when they got their first job in the real world.  I often hear accusations that the CISSP is heading in the same direction, despite increased efforts by the ISC2 to validate candidates and  verify levels of experience.  But I think both of these miss the real point of certification; they show that someone has spent the time and effort to pass a test, not that they have the skills required to work in the real world.   After all, no one expects a kid fresh out of college to know everything about their chosen career, so why should a certificate be any different?

Certs: Added value or minimum requirement?

I've got a Bachelors Degree in Information Systems Management, my Certified Information Security Systems Professional (CISSP) certification, the SANS GIAC Systems and Network Auditor (GSNA) certificate and I used to be a CCNA.   I spent two years getting my B.S. by attending night courses, the CISSP took me 6 months of constant study, the GSNA required a week's worth of intense instructor lead study, and I spent the better part of a school year taking the official Cisco course work at the local junior college before taking the test.  And with the exception of the CCNA, the time I spent earning my degree and getting my certifications was aimed strictly at filling in a check box on an HR person's list rather than learning something.  Not to say I didn't learn something in studying for each, but my goal was fulfilling a job requirement instead of education.

IT staff laid off while fat-cat private-equity owners rake in the dough

There's an eye-opening story in the Wall Street Journal today (subscription required) about the consequences for IT staffers when private-equity firm Blackstone Group bought Travelport Ltd. last August. "Two months after the deal closed, scores of employees were lugging boxes of personal belongings to their cars, having lost their jobs," the story says. Let's look at some of the human casualties: John Kliegel, 41 years old, a computer-systems analyst, and his twin, Russell, a technical writer, were both laid off. They're selling the house they share because they can no longer afford it. Don Kleppinger, a 46-year-old software engineer with five sons, lost his job, leaving him without health insurance for several months. "It came as a shock," says Michael Berson, 49, who lost his job as a data engineer in October, three years after receiving a "Super Star" award for saving the company $1.2 million on telecommunications costs. Grace Covyeau, 63, who lost her job as a telecommunications engineer, took a part-time job last month making sandwiches and coffee at King Soopers grocery store.

IT staff laid off while fat-cat private-equity owners rake in the dough

There's an eye-opening story in the Wall Street Journal today (subscription required) about the consequences for IT staffers when private-equity firm Blackstone Group bought Travelport Ltd. last August. "Two months after the deal closed, scores of employees were lugging boxes of personal belongings to their cars, having lost their jobs," the story says. Let's look at some of the human casualties: John Kliegel, 41 years old, a computer-systems analyst, and his twin, Russell, a technical writer, were both laid off. They're selling the house they share because they can no longer afford it. Don Kleppinger, a 46-year-old software engineer with five sons, lost his job, leaving him without health insurance for several months. "It came as a shock," says Michael Berson, 49, who lost his job as a data engineer in October, three years after receiving a "Super Star" award for saving the company $1.2 million on telecommunications costs. Grace Covyeau, 63, who lost her job as a telecommunications engineer, took a part-time job last month making sandwiches and coffee at King Soopers grocery store.

Shark Tank: And that answers a lot of questions right there

This big utility company has an, um, diverse IT support group, and it's getting a new manager, says a pilot fish on the scene. "The new guy has a reputation for being a corporate man who does things by the book," fish says. "At our first group get-together to meet the new boss, we go though the normal intros: 'how I work, what I expect,' yada yada." Then the boss opens the floor to questions. And one of the more, um, astute IT employees has one.

Shark Tank: And that answers a lot of questions right there

This big utility company has an, um, diverse IT support group, and it's getting a new manager, says a pilot fish on the scene. "The new guy has a reputation for being a corporate man who does things by the book," fish says. "At our first group get-together to meet the new boss, we go though the normal intros: 'how I work, what I expect,' yada yada." Then the boss opens the floor to questions. And one of the more, um, astute IT employees has one.