Letter to the editor
Following is a response to an FCW.com poll question that asked: "Do you think federal information technology workers should be required to earn a systems security certification?"
Instead of making federal information technology workers spend time getting a certification, have them spend time getting training.
I have always been opposed to the current trend in information technology toward certification, because they rarely indicate a person's true experience or ability.
I have known lots of people with Certified Information Systems Security Professional, Microsoft Certified Professional, Microsoft Certified Systems Administrator, Cisco Certified Network Associate and RedHat Certified Engineers certifications that I would not trust with any of my equipment. I have a certification too, but I only got it because my previous company offered a bonus to anyone who got certified.
I also know for a fact that at least two of the questions on one of the certification exams had no right answer (or one even remotely close) in their multiple-choice options.
I would change my vote to yes if certain provisions were met:
1. All training is provided at government's expense.
2. All certification testing is provided at government's expense.
3. All certification tests have hands-on lab testing as the major criteria for the certification exam.
4. Certifications have to be renewed every two to three years.
5. Training needs to be provided at government's expense to maintain a level of proficiency.
6. Guidelines for the training, certification and hands-on testing need to be determined by a reputable and knowledgeable agency, one that will not profit from the training or the certification.
Just my two cents.
Name withheld by request