Tuesday, October 6, 2009

Certifications are Evil? Maybe


I was reading a guest post over on Mark McKinnon's blog, Certifications are Evil.....By John McCash, which raises some interesting and controversial questions about the state of certifications.

The problem with certifications and most licensing exams, as mentioned in the post, is that they have little to no correlation with real world work.

Memorizing all the seven OSI layers and what they do might sound impressive, but knowing how to read a log file is more practical in incident response work.

Or being able to recite the structure of an EnCase evidence file might be of interest to some people, but how practical is it in working actual cases? Not much.

Even the "practicals" I have seen are really not all that practical. They seem to focus on some specific skills that relate to the certification, but ignore the real world side of how a report would be done. Especially from a non-LE standpoint.

One thing I know from having taught hundreds of hours of various computer and software courses is that training, to be effective, needs to be 20% lecture and 90% hands-on practice to really get the concept to sink in.

I would advocate immersion training any day over the standard training I see out there now.

The problem is that you can't cover as much in a short time period. So the cost of the training would be greater since it would take longer.

Developing mental "muscle memory" is much like developing physical muscle memory. It takes repetition, practice and immersion.

If you think about it, training someone in computer forensics, for instance, works much better if they are being trained in an environment where they start with some limited tasks, do those tasks until they master them and then move to the next set of tasks.

Much the same way I learned karate many years ago. I have a few broken bones to remember that by.

John McCash made some excellent points about how certifications as a filter can do the opposite of what an employer wants to do by excluding qualified candidates in favor of certified candidates.

Of course that is pretty much the way of the world these days. Having a college degree is a filter used in many job postings now, even if the degree has nothing to do with the actual job. So an experienced and qualified candidate gets a form letter while the degree holder gets an interview.

Given the choice I would always prefer to train my own people through an apprenticeship model augmented with specific training.

And since I am on the subject, I am going to rant about how overpriced computer forensic training is: $3,500.00 for a week's training? I do remember my math; for 10 students that is $35,000.00.

No wonder so many are not getting properly trained when it is so expensive.


  1. I will have to say that the training is not as overpriced as you make it out to sound. By the time you rent the venue, pay for snacks, pay for the sound equipment. Then there is the printed material and the CDs (cost of paying someone to put all the training material/labs together) and other equipment you may get as well as getting the trainer there and housing and feeding them. So there are a lot of hidden costs most people do not think about when they see the price tag.

  2. How many times have you seen a job posting that was written for a forensics or IR position, but written by someone who knew anything at all about the position or about the skill set? I've seen positions listed for entry- and mid-level examiners that required a CISSP.

    I agree to some degree about the certifications, but I also think that it really depends on the individual, which is something that's not easily measured. I've worked with GCFA-certified individuals who had no idea about how partition tables are laid out (that's in...what...book 1?)...so it all depends on what the individual retains.

    I also agree with Mark that getting "properly" trained, in the sense that you appear to be using, isn't necessarily as difficult as you think. But I also think that, again, it depends on the individual. I fully agree with you about the hands-on, but at the same time, I don't feel that I'm someone who has to sit in a classroom and be taught in order to learn...there's a great deal out there that you can do on your own, and the part about "am I doing it right", for many things, can be encapsulated on a sheet of paper.

