One of my favorite scenes in the movie Tommy Boy was when Tommy explains his opinion on what a warranty is. I, often, feel the same way about certifications:
Tommy: Here’s the way I see it, Ted. Guy shows your a fancy certification ’cause he wants you to fell all warm and toasty inside.
Customer: Yeah, makes a man feel good.
Tommy: ‘Course it does. Why shouldn’t it? Ya figure you put that little box under your pillow at night, the Certificiation Fairy might come by and leave a quarter, am I right, Ted?
[chuckles until he sees that Ted is not laughing too]
Customer: [impatiently] What’s your point?
Tommy: The point is, how do you know the fairy isn’t a crazy glue sniffer? “Building model airplanes” says the little fairy; well, we’re not buying it. He sneaks into your house once, that’s all it takes. The next thing you know, there’s money missing off the dresser, and your daughter’s knocked up. I seen it a hundred times.
I’ve taken a few liberties with the context, but that is just the cynic in me. For the most part, certifications really only show that you are able to pass a sampling of questions, on a particular subject matter.
When I started-out in IT back in the 1990s, I was once asked to study for a Microsoft exam. I recall purchasing a large book with over 500 pages, cramming for multiple nights, then taking the exam and failing it by a few questions. It was a very humbling experience, and one that motivated me to study harder and obtain my MCSE. I wasn’t one of those guys running around with a new signature line, I passed it just for myself…and of course my resume.
A few weeks later, I met a friend from college for drinks because he had just passed his MCSE as well. I started asking him about his study methods, and found out he had found a website that provided the verbatim questions and he just studied that. This was not exactly fair, in my book at least.
Over the decade, I’ve seen many vendor and industry certification exams find their way online. Even so, I also met just as many people who never had a certification who knew more on a platform or subject than most people with the certifications and even some who taught classes on the certifications. Even so, I’ve continue to obtain a few here and there, because companies, human resources, and most of all, my own sense of self worth continues to value them.
Now I’m seeing cloud certifications pop-up all over the place.
CA has a program for their 3Tera platform.
IBM has their Certified Solutions Adviser – Cloud Computing Architecture
Red Hat has a Red Hat Premier Cloud Provider Certification
The most interesting I’ve seen, so far, is the new Certificate of Cloud Security Knowledge by the Cloud Security Alliance. While I’m very interested to see what the curriculum will contain, I’m just as interested to see if this certification is adopted like the CISSP, CISA, and other vendor-neutral certifications. The fact is, beyond the resume fluff, A-Z signature lines, and chest poking, the Cloud needs a common-criteria for security standards. Companies are popping-up over night and offering new services or applications and without really thinking through what security really means.
So is the certification fairy sniffing glue, or am I? Would a cloud security certification help provide some form of a standard level of knowledge that cloud providers, engineers, architects, and others could use to deliver their services and offerings?
{ 2 comments… read them below or add one }
Based on what I've seen of the CSA's work, I'll probably study up for their certificate, just to see if I'm current with what that group sees as being foundational knowledge for Cloud security. Otherwise, it's just for me.
I love the Tommy Boy analogy, so true. I have a very similar story with the MCSE. I drank the MCSE Kool-Aid up until I discovered the security side of IT. I currently maintain a few security certifications so my resume or Bio does not get passed over by HR or a potential customer.
The knowledge that the Cloud Security Alliance has provided in their documentation has been tremendously helpful and I applaud them for that but I lose some of that respect with the intro of this cert. Read the criteria for creating and maintaining a CSA chapter. It's not easy! When I read it I went from skeptic to fan. Now I feel if there is a local chapter in my area there will be 10 or so people certified and someone will host a study group, as each person gets certified everyone will clap while welcoming them to the brothersister hood. Similar to a few user groups that consider the CISSP or CISA the platinum standard. I do hope I’m wrong because I want to believe in what they stand for and that this cert is not just another way to pad someone’s pocket.