
Why cybersecurity certifications suck

Robert Graham wrote a great blog post explaining why so many IT certifications suck.

TL&DR: because they are trivial pursuits instead of knowledge assessment tests… but do read the whole post and compare it to your recent certification experience.

9 comments:

  1. It might not be the best question but it's far from the worst I've seen. And someone that knows how traceroute works on various platforms such as *nix, Windows, Cisco is likely to have a pretty good general network knowledge.

    I do agree that a lot of tests aren't great. At the same time I've sat on the other side of the table as well on the development side and I know how challenging it is to produce content. Testing is much more difficult than people can imagine. Finding the minimally qualified candidate, statistical analysis and so on.

    If you really care about making certifications better you should join a subject matter expert (SME) program to bring valuable input into the development phase of these exams.

  2. 1. Not "trivial pursuits" but "trivia pursuits" or "pursuit of trivia knowledge". Studying for CCIE is not trivial, and I don't think Graham means this.
    2. A network engineer that has ever studied for her CCIE using a Linux box knows the default Linux traceroute behavior. You will bump into this trivia knowledge during your studies when having a multipath that does per-flow load balancing in your topology and you see your traceroutes all over the place.
    3. The Cisco exams (even some tasks of the CCIE lab) are chock-full of trivia (if not exclusively). I think most Cisco cert test-takers are used to this, and this is what they prepare for.
    4. CCAr and VCDX do a board review of candidates and their designs. I don't know if they also test trivia.

  3. Great post and the write up is interesting. I love the exam question considering that TTL and echo are not "protocols" but options/knobs used in a protocol. Most old school engineers know the UDP vs. ICMP use for Traceroute from OS packet traces of traceroute. Actually for a bit of "trivia" that is how early security OS detection freeware utilities determined the difference between a Windows and Linux OS. They used the difference as part of the OS's signature.

  4. That's why I decided to become CCIE Emeritus after many years of taking stupid recertification exams.

    I am working with pretty complex networks and see no correlation between CCIE program and real life networks where working with the sniffer is a must and complex issues do not fall into any CCIE program scope.

    Bogdan

  5. I sat for (and passed) my first CompTIA Security+ exam back in 2008. I recall it being fairly easy and trivia-based at the time. Earlier this year I was required to take the Security+ CE exam (because my new employer wouldn't accept my grandfather'd Sec+). I honestly barely studied some of the expected trivia, not thinking much had probably changed in 8 years. I was simultaneously shocked, yet pleasantly surprised, to see quite a few challenging simulations testing my knowledge of where to insert what security measure and/or technology and why, and I mean from layer 1-8. I was honestly a bit overwhelmed and really had to reason through the majority of it; I was certain I'd failed this exam, almost walking out halfway through. When I walked out and saw I'd actually passed with a very high score, I was both shocked and pleased that the exam agreed with my assessment of security technologies and completely attribute the pass to my real-life experience with security over the years. It was then that I realized that at least some of these vendors are hearing our calls to action and actually stepping up the game based on skills-based challenges we encounter in real life.

    PS- I agree with Daniel Dib, be part of the solution and participate in exam question creation where available.

  6. Well I recently took VCP-NV and CCIE RS Written exam and both were written pretty poorly in terms of what are core areas of focus of exams and what they ask. In CCIE RS even some questions were completely wrong.

    Also it's always hard to understand what level of theoretical knowledge the exam expects from you. Forget about Traceroute implementation, even if we go back to TCP-IP, how many people do you think could answer the difference between Push and Urgent flags? While the exam blueprint will just mention - Understanding and Troubleshooting TCP/IP network.

    HTH...
    Evil CCIE

  7. The 'exam industry' wants your money (spent on books, exams, bootcamps).

    When my friend wanted to be a Cisco TAC engineer a few years ago, Cisco simply wanted him to pass an exam to prove his knowledge. The funny thing is that he was an active CCIE ;).

  8. Any cert has questionable questions, and from the time of transparent fabrics the problem is hard to be dealt with.

    Case in point:

    R1 has two eBGP sessions to ISP1 and ISP2 (one to each ISP router), and R1 receives the same prefixes through both links. Which configuration should be applied for the link between R1 and ISP2 to be preferred for incoming traffic (ISP2 to R1)?
    A. increase local preference on R1 for sent routes
    B. decrease local preference on R1 for sent routes
    C. increase MED on ISP2 for sent routes
    D. decrease MED on ISP2 for sent routes

    THAT is a good example IMHO. As soon as you go the "but you know what they want you to answer" you are lost.

  9. People focus on "traceroute" vs. "tracert" but it is not the case. There is no "default protocol" in Linux, default is a property of particular tool. I use mtr on Linux and it uses ICMP by default.

