1998-04-30-14:23:10 Darren: > Maybe...but what about those who feel slighted because working > with computers isn't regarded the same as it is accountancy ? You know, I believe I have never in my life met or heard of such a person. Have you? Or is those who feel so slighted actually a non-existent debating point? I find it hard to imagine such a person.... > For example, it's a lot harder for a person to grab a book on > accountancy, read a bit and then go around charging people $10,000 > to do XYZ for them and not give them value for money. Yup. And if the computer industry's rate of advancement and development should become as stable as that in accountancy, perhaps because it gets a few thousand years of experience under its belt to figure out how things should be done, then perhaps we'll be able to erect artificial barriers to make such fraud harder. > Whereas in the computer industry, what surety do we have that your > references are worth anything? Only common sense and intelligence, the same scarce resources that are always required to check references. > Who has ever given bad references on a resume? Not me. Some people I've caught, though. It's really not all that hard. > Yet, at the same time we're all saying that taking measures that would > attempt to deal with these scenarios are worthless. No, that's not what we're saying. We are instead saying that noble though such efforts would be if they were workable, as things stand they're rather worse than worthless, they are fraudulent. When it's impossible to certify the body of knowlege required to practice your trade effectively, what's left for certification to do? Be a meaningless rubber-stamp of interest only to people who can't assemble the references or pass a good technical interview? > I can't believe anyone who actually takes pride in their work as a > computer security professional would want to make it any easier for > frauds to inhabit the industry but yet here you all are saying that > taking the time to "certify" those who can at least meet some common > level is pointless. I've never met anyone with experience and credentials in the security field who believed that computer security expertise could be usefully tested for and certified. I don't propose making it easier for frauds; I'm all in favour of effective measures to make their life harder. Sadly, certification in computer security doesn't seem to profit anyone except those same frauds. > Sure, there will always be "good" and "bad" people who manage to pass > whatever tests there is, but at least if they screw up they can be > de-bar'd or deregistered or whatever and no longer able to legally > portray themselves as being certified. So you're not claiming a benefit to the testing process, as much as a closed lodge, your friends and your friends only get to wear the special badge. That sounds useful, sure. How do you propose to define ``screw up''? What would be grounds for stripping smoeone of their credentials? Who would decide? > But if said certificate also helps us keep scum out of the industry, > then that's an evil I'm prepared to endure. If on the other hand you believed that scum were the only people who could actively profit from certification, then how would you feel about it? -Bennett
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:59 PDT