Skip to content
2011-04-13 / gerdk

Certification considered … doubtful

I had just read Martin Fowler’s article CertificationCompetenceCorrelation a day before a friend of mine pointed me to http://www.networkworld.com/newsletters/sec/2011/040411sec1.html (the original article with the discovery of a keylogger on a Samsung notebook; it is no longer directly available). Then I heard about this: Samsung Keylogger Reports Due To False Positive.

So – what is the connection between Certification-Competence-Correlation and the false positive incident?

From the original authors bio:

Mohamed Hassan, MSIA, CISSP, CISA is the founder of NetSec Consulting Corp, a firm that specializes in information security consulting services. He is a senior IT Security consultant and an adjunct professor of Information Systems in the School of Business at the University of Phoenix.

Yup, that are quite a few impressive sounding abbreviations behind the name. So that person is a Certified Information Systems Security Professional – and still made such a terrible oversight. What does that say about the quality of the certification?

For me it shows (again) that a certification is – on its own – nothing more than a proof of willingness to spend some time and money to increase ones chances on the job market.

Never judge or hire someone on certifications alone; and by the way, that holds true for an university degree or similar as well. Let them prove what they actually can do in programming exercices or proof of previous work (which is usually hard to get).

Disclaimer: Let me finish by making it clear that someone who has a certification is not incompetent by definition – I want to make it absolutely clear that I strongly believe that a certification is not a proof of competence, but there is no implicit inversion, i.e. competence does not mandate absence of a certification.

Even more important Disclaimer: This post is written in the context of software development and software development only. It is not valid in any other fields. I certainly want my physician to have a degree and certifications 😉

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: