[Dshield] Certifications: Not worth the paper they are printed on?

Johannes Ullrich jullrich at euclidian.com
Tue Oct 7 13:52:33 GMT 2008

> Never said it was new. I just reached my limit Friday and had to say
> something. We should all be working to educate employers which certs are
> worth something and which ones are not. Plus, we should work with
> employers to help them understand what are the appropriate certs for a
> given job description.
I second that ;-)

In the past, I have been involved with GIAC in various capacities.
Currently, I am directing the GIAC Gold program. Of course, GIAC Gold is
very unique in that it requires applicants to write a paper. But let me
discuss certifications in general first:

In my opinion, a certification is usually a good tool to demonstrate and
aptitude and basic profficiency in a particular field. In particular for a
junior position, certifications can be a useful hiring tool. However the
more senior and the more specialized a position becomes, the less value a
certification will have to predict the skills of an application. A
certification does not substitute real world experience.

With GIAC, we went the extra mile to have our certification ANSI certified.
Yes, it sounds odd, but there is a certification for certifications. The
ANSI certification attempts to address some of the common issues people have
with certifications:

- you have to "link" a certification to a job function, and proof that the
test actually covers knowledge required for the particular job. This is done
via a job task analysis. You get together a panel of experts, who will
create a list of tasks and associated skills commonly associated with this
job. This list is then used to write questions.

- you have to proof that people who have some experience in this particular
job do better then people with less or no experience.

- teaching a course related to the certification has to be seperated from
creating the certification. The only "shared knowledge" is the job task

Now of course, there is a lot more details to this, but I think these points
represent what ANSI is trying to do. The sad part is that in order to rn all
the statistics necessary to provide the proof, you are essentially limited
to multiple choice tests. It is very hard, if not impossible, to go through
this process with essays like for example with GIAC Gold (only certain
Silver GIAC certifications are ANSI compliant at this point).

A big problem is that many recruiters first of all don't understand the job
they are hiring for, and secondly, they are lazy and try to get away with a
couple of simple keyword searches. As Jon mentioned above: Make sure your
company HR department / recruiter knows what to look for.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sans.org/pipermail/list/attachments/20081007/0f14a2c3/attachment.htm 

More information about the Dshield mailing list