Re: Network Security Certification

From: David Collier-Brown (davecbat_private)
Date: Wed Apr 29 1998 - 04:47:42 PDT

Next message: Steve Bellovin: "Re: Mobile Code Security???"

Previous message: John Painter: "Re: Mobile Code Security???"
Next in thread: darrenrat_private: "Re: Network Security Certification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On the other - and to my mind, more important - hand, one thing that
> such a qualification will never provide is a demonstation that the
> possessor of said qualification has got a "CLUE"(TM) [1] - viz: a deep
> comprehension of the issues of network security, rather than the mere
> ability to parrot-rote the "N" different software security
> certification systems that are in use worldwide.

	Actually, certifications have a long and (dis-)honorable
	history, and often start at a level **between** parroting
	and expertise.

	Consider the old terms '`apprentice'', ``journeyman''
	and ``master'':

	An apprentice is learning something, and probably
	spends a lot of time parroting his masters without
	interpretation. He does not know the rules, just
	parts of them. He works under direct supervision.

	A journeyman has learned something, and is ready to put 
	it to use.  He knows the rules, and how to put them
	into practice. He may have been selected to 
	journeyman rank by his master or may have passed 
	an examination.  He works without supervision, 
	but his work is inspected by a master.

	A master knows the rules, how to apply them and when
	to break them.  He has proven this by doing a ``master piece'',
	and his peers have elected him to their rank.

	(phew!) 
	I just went through a course on (analytic) project management,
	to put beside my experience doing the work.  If I aspired
	to the rank of journeyman, and expected to do that task
	all the time, I might be well-advised to stand the certification
	exam for journeyman.

	And if I did it full-time, I'd expect to wave my certificate
	at the customers to say ``see, I'm a journeyman. I can do this
	stuff''.  The customer might want to bring in a consultant
	(a real one: a master) to write the requirements and inspect the
	completed work, but that's their call.

--dave
	In a different life, I was the consultant brought in to 
	specify and inspect.  The person doing the <work> was a journeyman
	<worker>, but a master project manager.
-- 
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | davecbat_private, canada.sun.com
M2N 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb

Next message: Steve Bellovin: "Re: Mobile Code Security???"
Previous message: John Painter: "Re: Mobile Code Security???"
Next in thread: darrenrat_private: "Re: Network Security Certification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:19 PDT