Absolutely; as I just wrote in another reply, a certification is a measurement of a minimally-qualified candidate, and most employers aren't satisfied with hiring minimally-qualified candidates.
I think they posted based on their own experiences in the field of IT. I also have a certain amount of cynicism about the value certifications; I didn't earn any until after I started with Novell 8 years ago.
Of the ones that I took, the exams that I found to be the most challenging (and rewarding to pass) were the performance-based exams associated with the Novell Certified Directory Engineer (which was definitely a cert worth earning when it was available) and with the Novell Certified Linux Professional. RedHat's exams are similar, and I know that their focus is on doing only performance-based testing (to my knowledge, they don't have any exams that are traditional forms-based exams).
There are a lot of people who create certifications who really don't understand what the goal is, and they don't go through the process of a proper psychometric evaluation of their exams, which means the tests aren't fair or an accurate representation of what a person knows. The fact that there are braindumps available for so many exams also devalues the certification because people rely on short-term memorisation of an answer key rather than actually learning what is needed to pass the exams, and eventually the assumption becomes that anyone who earned the certification likely earned it not by learning the actual content but rather by taking the 'easy way' and just learning what was on the exam.
The goal of any properly created certification (or exam) is to demonstrate competence for the minimally-qualified candidate. It sets a bar, but particularly at the entry level, it is only for the candidate at the lowest knowledge or skill. Experience counts more for a lot of employers (and I depended on that for years), but there are some (and I interviewed with one 15 years ago myself) who get hung up on the candidate not holding a certification, so not having it can be a barrier (or for me, not having it was a qualifier for a prospective employer - if the cert was more important to them than my experience, I didn't want to work for them).
Clearly, though, there are fields where certification is mandatory. To practice medicine in the US, for example, you need to be board certified. To work on cars, you generally need your ASE. To be an accountant, you need to be a CPA. To practice law, you have to pass the bar exam (which is a license, but licensing and certification are closely related).
The original purpose of IT certification (which Novell started in the industry) was to provide technical support resources outside Novell's support organization who were competent to support NetWare - the sales growth Novell saw at the time meant they couldn't build a large enough support staff to adequately provide technical support for the product. The CNE was created largely for partner organizations to prove to customers that their staff understood NetWare well enough to support it, and at that time (back in the mid- to late- 80's) it was required for people to provide support on the product.
The parent here is perhaps meant to be funny, but there is a nugget of truth in what he says.
Actually creating a certification takes a lot of work - I spent the past 5 years working as part of the team that worked on IT certification programs and exams at Novell. But to understand what certifications hold value in the industry, it does help to understand the process by which a program is created, because if a program isn't built around sound principles, then the certification will be worthless as anything other than a wall decoration.
First, you have to certify based on something people actually do. Certifications that have real value start with a job task analysis (JTA) and the program is built around what people actually do for a living. It doesn't do you any good to certify based on criteria that don't map to a specific job function.
Second, the testing methodology needs to be sound. People laugh about paper certifications, but paper certs are a real problem in the industry. This can happen because a question pool is leaked and a 'braindump' is created. Dealing with braindump sites is like playing whack-a-mole. So the testing methodology should resist braindumps, either through adaptive testing or through the use of performance based testing (sometimes called 'practical testing' or some variation of that). Practical testing tends to be more resistant to braindumps because that type of resource gives you the answer - but in a practical exam, you have to demonstrate the application of the answer. So if the braindump tells you "do x, y, and z", those are the steps you need to do to complete the tasks.
If a certification is ISO 17024 compliant, then it has increased value as well. That ISO standard specifies a number of things (which are adopted by other organisations, like ANSI) about how a certification is built. Vendor-specific certifications tend to not be ISO 17024 compliant (there are a few exceptions) sometimes because of cost or resource requirements. As I understand it, there are pieces of the standard that specify, for example, that the people who create the exam and the people who create the course materials cannot talk with each other about the content. The JTA information can (I think, it might be required or recommended) be shared between the two groups, but they must derive their own information from the pool of information about the topic. The purpose for this is that it's the knowledge that's needed, rather than the specific course materials created by the certifying body. In some cases, the certifying body just publishes the objectives and leaves it to others to create the courses around those objectives.
I'm also of the opinion that the value is higher if rather than relying on recall for answers, the exam requires cognitive skills. Exams like this tend to be much more labor intensive to create and evaluate properly to ensure they're fair, but that value is significant as well because then the certification shows that the candidate knows more than just the answer to the questions on the exam, but how to apply their knowledge in a useful way. Performance-based tests are really the best way to do this in my opinion.
The exams also must have gone through some form of psychometric analysis in order to be legally defensible. If a program uses multiple exam forms (which is generally the case), then the psychometric analysis is used to ensure the forms are fairly balanced and if a candidate can pass the exam on form 1, that they would most likely pass it on the other forms as well.
Thirdly, a properly built certification program is going to have continuing certification requirements. Some organizations (like CompTIA) used to certify "once and forever", but certifications like that really don't have that much value over the long term. I hold an LPIC-1 certification that I got in 2003, but that doesn't really tell anyone what I know about modern Linux distributions.
Certifications are helpful if you're going through the 'front door' trying to find a job - applying through a website or through a company's HR department. Certifications (like other things you might list on a CV or resume) are keywords that will get your qualifications looked at. More and more companies are using automated systems to sort through submitted CVs/resumes, so it helps to know what the company is looking for. But as others have said, it's better to work through an 'insider' (ie, someone you know at a company) to get a leg up on a job. That said, positions that I've been looking at have had an emphasis on project management, so PMI's PMP or CAPM certifications would be considered valuable. In the IT field, PMI's certs are useful, Six Sigma certification might be valuable depending on the industry, or looking at something like Novell's CLP/CLE, RedHat's RHCT/RHCE, and some of the Microsoft certifications are sought after (though from MS probably not the MCSE as much any more; they have some programs that are ISO 17024 compliant and those would be seen as being more valuable). LPI's LPIC-* certs are also valuable, and the more current CompTIA certifications also have value, though myself I'd look at the more advanced certifications both organisations offer.
I hadn't actually heard about this data center (I live in Utah), but there's a nagging little voice in the back of my head that's wondering if the NSA will hire prisoners from the nearby state prison, also located in Bluffdale.
Of course such an idea is ridiculous, but it's funny that the town will boast both an NSA data center and the state prison.
Right....because the whole reason a generation of people can't spell is because of J. K. Rowling.
Anyone worth their salt will be able to screw up a system so that an audit trail will be of little help.
Especially with physical access to the systems and a legitimate need to be in the server room.
If you have physical access, all bets are off. Whoops, that ethernet cable seems to have not been plugged in all the way - before I plug it back in, I'll just fiddle with the box a little bit to make sure that the interface isn't hosed as well - oh, what's this? Finance data. Flash drive, copy, clear history, plug cable in.
A smart IT person who means to do evil has plenty of options available and will know the ways they can be monitored and how to work around them. The first mistake any manager or auditor will make is assuming that the auditing software systems are foolproof. And of course there's also the delicate matter of explaining to IT staff that you're watching over their shoulders but it's not because you don't trust them. Only some industries have regulatory needs for that type of monitoring and auditing, after all.
Having an auditing system in place can be read by IT staff as "they don't trust us" which can actually lead to untrustworthy behaviour. I've seen that happen as well.
That's fine, your agreement isn't required.
But consider this: Many IT people came from a finance background, especially those who have been in IT for a long time. Back in the 80's and 90's, the finance people were the ones using computers the most (Lotus 1-2-3, anyone?) to track company financials. So when businesses started building IT infrastructures, they turned to the people inside the company who used computers the most: the accountants.
Now, combine completely unfettered access to all of a company's financial information and enough knowledge in financial matters, and what do you get?
It's not about bringing the company to its knees - not entirely. Someone who wants to cause real harm to a company is going to generally want to do it in a way that isn't noticed (whether they're in finance or not) so they can prolong the damage.
It's also about the fact that an IT person has access (generally) to *all* of a company's secrets. An accountant - even a CFO - doesn't have access to all that information.
When the goal is to build an infrastructure that's unified and easily administered (and were IT staff are generally added only when absolutely necessary - and often long after they're actually needed), IT staff are often treated poorly and given access to *everything*.
That's a recipe for disaster if your IT staff aren't trustworthy.
Sack an accountant for violating trust and your exposure is limited only to financial data that they had access to.
Sack an IT person, though, and you need to hire in outside consultants to go over *all* of the systems that the IT person had access to to make sure they didn't put any back doors into the system. By the time they find them - if we're talking about a competent IT person with a grudge - it's far, far too late.
I've seen it happen a few times over my career in IT.
I'm not saying that a lack of integrity is good in any position, but IT people are generally highly intelligent, very resourceful, and generally very cunning. Sometimes they're also social outcasts (though that's less the case now than it was in the 80's and 90's) that the employees in a company try to minimise contact with if they possibly can.
Good point - it seems to be less of a problem in the other areas (in my experience, in any event). Thing is that admin people tend to have access to data from multiple of the other organizations, so while I wouldn't say that hiring untrustworthy people in any position is a good practice, in IT it can be doubly bad because the IT staff can generally access docs on shared drives (for example) that belong to accounting, legal, etc - and can either disclose it or nuke it along with the backups.
That can cause a lot more damage than if an accountant nukes his/her data, because they don't generally have access to the backups or other system-level tools.
If they do, the phrase "you're doing this wrong" comes to mind.
But point well taken.
Really, I think this just highlights something I've said for years: If you don't trust your IT people, they shouldn't be your IT people.
It's a job requirement to be trustworthy when working in IT. Those who aren't pull crap like this.
Even if she hadn't gone to jail, if she got caught tampering with systems (either while employed there or after being terminated), she should never, ever, under any circumstances be trusted to admin a system again.
Ever.
I live in Salt Lake City and would check the signal riding between SLC and Provo, and even along I-15 (which is one of two major freeways in Utah), there was a strong propensity to drop calls multiple times along that 40 mile stretch of road, right where the bulk of the Utah population lives.
My AT&T problems (many, many dropped calls) ended when I switched from Blackberry/AT&T to Android/Verizon.
AT&T's coverage in Utah is notoriously bad. My company uses AT&T as a carrier, and consistently, those who had company-provided phones had problems, and when they dropped the company plan and switched to Verizon, the problems vanished.
When I started looking at switching, I did an informal survey of folks in the office, and those who were on their own plan were on Verizon and reported very few - if any - problems with dropped calls.
I'm very happy that I switched.
Understanding is always the understanding of a smaller problem in relation to a bigger problem. -- P.D. Ouspensky
