Certification has long been the ultimate holy grail for many IT professionals, but does it still have the same impact in today’s market ? Aside from MCSE and some fairly inconclusive security accreditation, the presence of a CISSP still seems to reign "“supreme”, and carries a lot of weight and respect in the industry.
However, what does accreditation really prove ? Does it provide evidence that in a particular scenario, you’d know exactly how to respond, or what to do ? Not necessarily. Most exams these days are multiple choice - this was the case back in the early 2000’s when I decided to sit an MCSE and is still the case today. Real life scenario responses are not based on multiple choice, but on fundamental subject matter knowledge, and (most of all) experience. Back in the first part of this millennium, I worked alongside an MCSE ‘enthusiast’ whose depth of knowledge within the information technology field was questionable with even the most basic skill set either missing, or incomplete in most cases. However, he’d successfully completed an MCSE, and in his mind, this was enough to prove he understood the subject matter.
Fair enough, but not the case in my view. Firstly, anyone can read a book and then take an exam - and in all probability, pass having completed braindumps previously. In a theory only exam, this is not a clear indicator that you know the subject matter inside out - it really means that you’ve retained sufficient information to answer the questions presented correctly. The real difference is when you sit an exam that has a practical element such as the CCIE. In this exam, it’s essential that you have a concrete understanding of the inner workings of networks and their associated topology requirements, and not just what you’ve read in a text book - this is nowhere near enough knowledge when it comes to trying to figure out what is causing black hole routing within your network, or why a previously removed firewall is still being referenced and preferred in an ARP table from an adjacent router for example. To resolve issues and find answers outside of what a textbook can provide, you either need external assistance in the form of consultancy, or in this case, experience.
Now here comes the conundrum. You cannot gain experience without exposure, and it seems in today’s market, you cannot gain exposure without certification or a professional qualification. The ultimate vicious circle it would appear. Additionally, the CEH exam requires at least 2 years of experience with an employer (that is also subject to validation) before you can enter the exam. Admittedly, they may accept education as entry, although this is not guaranteed, and is handled on a case-by-case basis.
I’ve never been a supporter of those institutions that require a minimum of a degree before you will even be considered for an interview. As you’ll note in the about page on this blog, I do not possess a degree - but it has never stopped me from achieving my ambition, or becoming extensively knowledgeable in my chosen field. No. In fact, it pushed me even harder in life as I felt I always had something extra to prove. I’ve worked in some organisations where there’s the misconception that if you didn’t achieve a degree, then you lack intelligence, or the required credentials to even do the job you are in.
Discrimination ? Yes.
Acceptable ? Not in today’s climate.
I’m interested in comments and thoughts in relation to this topic.