Published April 7th, 2004

Today at Carroll College there was a Carreer Fair in the PE Center. I was sort of looking for a Part Time/Internship type job that pays more than minimum wage. I found the booth for the Computer Institute of the Rockies. I started talking to this Brad Smith guy, who says amoung other things he has submited some papers for Defcon. Brad had that ‘hacker’ look on him, long hair.. etc. So overall possibly a pretty cool guy. However the thing that I didn’t like was his insistance on getting various certifications, to ‘prove’ what you know. His own certs include the MCP. He even said that Windows 2003 is more secure than anything else out there (sigh, so much for FreeBSD). While he seemed firmly seated in Microsoft’s domain, he said he wouldn’t even consider hiring anyone without certifications. Do the Microsoft Certifications really carry that much weight?

At one time I considered getting a CCNA while still in high school. But it overall seems like a waste of time and money. Why do many of these tests cost hundreds or thousands of dollars and even more once you include the ‘training’. The whole certification industy seems like a scam to me. To get people who are unemployed to ‘prove’ what they know, and therefore get instantly hired (ha ha ha). Heck at Cyan, it was a joke if an applicant put that they were Microsoft Certified on their resume. If you think Certification is so important that is the main feature of your resume, can you really do good work?

These CIR Security people sound interesting, and maybe I will try to get a job from them sooner or later, but right now I am annoyed that they don’t even ‘consider’ people without certs. It smells of a bullshirt operation to me.

The other thing that put me off was that these security ‘experts’ website is hosted on IIS, and was written with FrontPage. Those are the kind of experts that I want to trust with my infrastructure. Peoeple who recommend the Microsoft Solution.

Written by Paul Querna, CTO @ ScaleFT. @pquerna