02-02-2014
19,118,
3,359
Join Date: Sep 2000
Last Activity: 15 July 2022, 8:51 AM EDT
Location: Asia Pacific, Cyberspace, in the Dark Dystopia
Posts: 19,118
Thanks Given: 2,351
Thanked 3,359 Times in 1,878 Posts
Well, I can confirm that just about every certified Internet security "expert" I know does not own nor operate an IT infrastructure that is constantly under attack and just about all of those "certified people" have never been in a real-time "cyberattack" against an IT infrastructure.
I'm constantly amazed at the "industry of certification" which just cranks out "paper experts" who have little to no real time operational experience; yet they parade around as if they are some kind of "expert".
Yep, as wisecracker discovered an old post of mine from long ago, I learned HPUX on a operational assembly line of Motorola radios where the factory had to be operational or "heads would roll". My first job was to build a system to integrate all of the HP test equipment on the assembly line with the Progress database using HP RMB (Rocky Mountain Basic) HPUX system APIs into the HP test gear. I recall that HP engineers told me that no one they knew of had actually done then things I had to do (like use RMB shared memory, message queues and semaphore IPCs), so we debugged the system calls in real time.
.. and at the same time I was learning vi, rm, mv, ls -la, etc. I have many stories like this, and often think I am remiss not to write about them in our "War Stories" section; but I'm still busy coding, learning, breaking down a system (mostly all software systems) into pieces to learn how it works - building things useful.
Somedays I wake up and remind myself "our forums serve to help between 2 and 3 million visitors a month who come to look for answers (or to share knowledge and answers) .... " and it reminds of of the good work we all do here, over the years and even now and into the future.
OBTW, I have one certification, the CISSP (Computer Information Systems Security Professional) cert, but I'm letting it expire, because I have learned something over the years (after getting this cert after doing a lot of security work). Here is what I have learned:
Certification is a kind of "illusion". We get certified and we think we have "accomplished something" and then we think we are an "expert" because we have a piece of paper we paid for from some certification agency (who mades money from all this).
Then, after certification, our minds tends to think "I am accomplished"... which is like a kind of morphine to the mind. We tend to focus on the certification, others who are certified, and the entire warp and woof of certification, instead of "seeking out new technical frontiers and boldly going where we have not gone before"..... (sorry for the Star Trek music in your head right now)
Anyway, not all certs are evil; the problem is really "us'... when we get the certs, we often begin to live under some illusion we are now "experts", and a fraternity similar to a "confederacy of dunces" is created of certified people who resemble a ice cream cone which licks itself silly.
Nearly all (if not all of - that I know of) the technical people whom I admire and deeply respect are not certified, without exception - guess they were simply too busy "doing something" versus getting "certified".
Edit: My apologizes if there are any recently "certified" friends who have busy getting certified and not developing systems, writing lots of code, or volunteering in technical projects - these are only my views and not those of the forums overall, based on my experience and observations.