I was going to write a brilliant, no really, post about the pointless certifications that exist for IT professionals, specifically IT security professionals. But then I realized that I would have to spend a few paragraphs on background, and frankly I’m not that motivated, either by anger or a desire to share.
However, and paradoxically enough, I was somewhat more motivated to post about my lack of motivation for posting on the previous subject. So here it is, a mundane and pointless thing I must share.
Do you work for a “Technology based, Networking company”?
Nope. Insurance now, publishing and banking before.
But what I was railing about, in my own listless way, was the alphabet soup of absolutely worthless “security certifications” that are around. CISSP, CISM, CISA, blah blah. For each one of these all you need to do is take a test; a test that kids just out of college who work for the big 5 (or is it 4, or 3?), are taking and passing, and suddenly by virtue of the string of letters behind their name they become as much an expert on security as me. Yeah, right.
And I’ll admit I’m helping to perpetuate the problem, I have the string of letters after my name too, but only because the certification “is a must have”. In what way? Do I know more now than before I paid $595 and took a test? No. It’s a must have because those same auditing firms say it’s a “must have”, and oh by the way “all our auditors have them”. The recursiveness of it all is mindboggling.
Y wnt t tlk bt mtvtn? dn’t vn hv th mtvtn t typ vwls.