Categories
security

Information Security Certifications are Worthless and Causing More Harm than Good

Agree to some extent. In some places getting a certificate is just a means to get through the door. But yes it has very little to do with actual skills.

Here’s an excerpt from a 2016 Ars Technica article: Recruiter Thomas Ptacek, whose Chicago-based agency Starfighter specializes in recruiting security folk, describes the CISSP as “a joke,” and claims that in his experience a job description requiring a CISSP was a warning flag to industry elite not to apply. “I don’t think there are that many high-level practitioners outside of management who put much stock in the CISSP,” he says. Dan Tentler, founder of the attack simulation consultancy Phobos Group, compares hiring infosec workers based on passing an exam to hiring other professionals on the same basis: “Would you feel comfortable letting a doctor be your primary care physician if all it took was to pass a written multiple choice exam?” He believes that “ISC2 is making money hand over fist,” and that the organization is “diluting the market with

Source: Information Security Certifications are Worthless and Causing More Harm than Good