Re: Network Security Certification

From: Joseph S. D. Yao (jsdyat_private)
Date: Fri May 01 1998 - 13:56:55 PDT

  • Next message: Mark Plesser: "Re: non-IP firewalls"

    > given that a computer science degree does not mean that you can program
    > only that you have some basic knowledge and an ability to learn.
    Grumble, grumble, grumble.
    A computer science degree SHOULD say that you know something about
    computer sciences - the mathematical support structure of our field of
    knowledge.  As with many physicists who don't know how to build a sand
    castle, not to mention mathematicians who can't reliably do arithmetic
    and balance checkbooks, I know some excellent computer scientists who
    really don't do any programming.
    Anybody can program.  Many "computer science" degrees are, in fact,
    just degrees in programming - which mean that the person who has them
    can write programs.  But cannot design, debug, re-use, plan, lead a
    team, or do any of the things that a proper software engineer - yet a
    different category! - should be able to do.
    Ob. on-topic: just as the field is not yet sufficiently mature that
    these different categories are correctly distinguished, so possibly the
    field of computer security is not sufficiently mature that the title of
    "expert" can be sufficiently tested for.  I am told I'm a computer
    security "expert" - "Because you know more than most of the people
    here."  And yet before many of you I'm as a rank amateur.
    And it may turn out that there IS no one certification or test that can
    show a person's professionalism.  In the classical model of a software
    development team, there are many different roles to play; and one of
    the marks of a good team leader is that he or she will be able to use
    people's strengths in those different roles.  In system administration,
    SAGE has just had a long argument about whether to be for or against
    CNE-type certification of system administrators; and the view that had
    the most support was to have exams in various sub-topics that would
    show a person's relative strengths and weaknesses, perhaps at first
    primarily so that a person could do a self-evaluation on how much more
    they should study a topic before they feel that they understand it.
    [These sub-topics were called "merit badges".  ;-)] And in computer
    security, perhaps something similar would be useful.
    Joe Yao				jsdyat_private - Joseph S. D. Yao
    COSPO Computer Support						EMT-A/B
    This message is not an official statement of COSPO policies.

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:13 PDT