But according to one security professional in the blogosphere, certifications are overrated.
The headline for an entry Byron Sonne contributed to San Francisco-based nCircle's VERT Daily Post blog this week sums it up: "Certifications are silly."
Sonne said he's never been a big fan of certifications for several reasons, the biggest being that he's seen "too many clowns" hired that had certifications but didn't live up to expectations.
When he was a contractor working on a job for Compaq/HP at the UHN hospitals in downtown Toronto, Sonne said, they hired another contractor who was a Microsoft Certified Systems Engineer (MCSE). It was a "very heterogeneous" environment with Windows, Netware and Unix, he said, adding, "We sat the guy down at a console. He browsed the network, and the next question he asked was, 'What domain are your Novell servers in?' Needless to say, he didn't last long."
Therein lies the problem, Sonne said: Certifications are about as far from holistic as possible.
"They train you for specific tasks and that's it," he said. "But that just doesn't work. The world and technology is an incredibly fluid place. In my opinion, we don't need to teach people technical skills as much as we need to teach people how to learn."
He went on to say that certifications make people lazy; both the applicants and the folks that hire them.
"There's just too much nuance when it comes to technical positions [and] the personalities of people vary too widely … people become boxes in search of checkmarks," he said. "You will lose good people just because someone lesser had one more arbitrary box with a checkmark in it."
Not everyone responding to his blog entry agreed. One person said, "Broad generalization such as 'Certifications make people lazy' are silly, not certifications."
But another respondent shared Sonne's view, saying, "IT certifications are a joke. If you want a real professional certification, try Professional Engineer or the BAR."
An ad Apple will regret?
In the spring update to its Top 20 vulnerabilities list, the SANS Institute concluded the Mac's reputation as a bullet-proof operating system was "in tatters" because of a recent string of security holes and malicious exploits, including a zero-day flaw.
In light of recent history, Winer said, "The ad about viruses is just plain STUPID. Man, are they asking for it. What happens when users who bought Macs thinking they couldn't get viruses all of a sudden are getting them? The Federal Trade Commission is going to love that. Can you spell Class Action Lawsuit?"
That criticism aside, he praised the overall quality of the ads as "great, incredibly irreverent and cleverly produced."
Oracle CSO should update blog
As I noted in a recent column, Oracle CSO Mary Ann Davidson started a blog a couple months ago. But she hasn't updated it since it was launched March 13.
In light of building criticism over the database giant's patching process, Davidson may want to consider updating the blog more often; using it to address many of those patching concerns.
Microsoft still takes its share of hits over security holes, but in the past year many customers have applauded the software giant for at least doing a better job at communicating security issues; using its own blog, among other things.