Re: Brownie points
Long lists of certifications are only valuable when the certification and knowledge alleged to be behind it is adequately applied to business needs. I have seen my share of paper tigers over the years, where a list of certifications were obtained as a result of compiled test question brain dumps rather than actual hands on experience and learning leading up to the qualification for taking a certification exam. Are industry certifications valuable? It depends is a better answer. Professionally speaking I have my CISSP, ITIL V2 and V3, MCP, Qualysguard, eDiscovery, and nearly thirty years of industry experience to draw upon when I engage a client. That said, the value I bring to the table is the intellectual capital, the experience, the ability to understand the business direction and holistically align security strategies with it in a manner that provides transparency and accelerated decision making. Are these skills I developed the result of certifications? Partially, but not exactly. You see, a truly competent task focused technical professional in our industry must go through a constant crucible of evolution and growth in order to get to a level slightly above mediocre. Technology changes. We have witnessed communications move from three hundred baud dialup modems to high speed wireless in a rather short time frame. With each advance in technology moving us closer to ease of use and functionality we move further away from security. In practice, the speed of use and function is driven by business goals and objectives which often look to security long after the planning phase of the pet project occurred. As a result, security is sprayed on rather than baked in to the process. A truly certified professional who has spent the time really learning how to apply their skills will understand how to communicate and collaboratively build solutions that empower the business to thrive through trust, innovation, and accountability. If the certified party is the equivalent of a paper tiger who passed the test with brain dumps and without proper training and experience, the business will get zero value from the resource. In addition, when we come across such resources who are quick to work at a lower rate, they damage the rest of us by diminishing the value of the sweat equity we invested in learning our trade. I see this far too often with outsourced entities who attempt to contact me for opportunities at compensation rates I was earning in the early 1990s. They claim to have other certified people who will work for peanuts and I politely tell them I will be available at my premium value based rate to resolve the mess as soon as I learn who they damaged. You can make a career out of following where some of these imbeciles land because you know all too well that a big DNU should have been stamped on the CV by a competent recruiter focused on value for the customer rather than just matching keywords indicative of a desired certification. Sadly, these things happen on a daily basis and corporations contract the equivalent of cancer when internal controls fail to proactively red flag incompetence. This translates to loss of value, loss of time, and loss of opportunity. Brownie points for a certification? Yes, but buyer beware it could just be a knockoff. Trust, but verify is the mantra that keeps you safer than most.