DOD Providing Certification Recommendations

Certifications do not provide proof of competence they only prove capability to pass a test. There needs to be a apprentice, journeyman, and master process which includes the certification based on an evaluation by peers to accurately assess capability and competence.

If we want to create true security experts then we need to concentrate on a process of training and gaining experience by working with knowledgeable people rather than passing a test.

Certifications are meaningless.

Let's face it, someone responsible for securing a network needs to know how to secure the network, not the theory behind securing the network.

If I need someone experienced with a particular technology, I review resumes and find someone with that experience. It's really not interesting what certifications they possess. What's interesting is their experience.

Now, I find myself in the ridiculous position of making certification a requisite for hiring. If I find a well qualified applicant without the cert, I have to make a deal to cause them to become certified, even though they already possess the technical skills I require.

Experience and performance, these are key. Not the results of some test that has precious little in common with the reality of the challenges faced in securing today's technology.

The DoD has decided to take the cert path. I believe this was a bad decision that will not serve to improve the state of DoD's security. But hey, it briefs well.

While I was on the "certifications don't prove anything" bandwagon for several years, now I am of the it proves something and something is better than nothing mindset. I am still working on attaining a CISSP because this is what our customers want, period. It will not improve one iota what I already know - I may not know what we call it, but I know all too well what it is. It is impossible to create an apprentice/craftsman/master program within the military, so I know it will be ten times as difficult outside the same. These programs do not take into account soldiers who transfer from one skill set to the next and know less than the apprentices who they supervise. We need to have something and these certs and required training provide a starting point, albeit not a true test. Resumes are a joke as those with the greatest Resumes are those who are constantly fired for incompetence or promoted because we can't prove it. Certs prove nothing but a level of book knowledge, Resumes prove even less. Just my two cents worth.

A step in the right direction but nothing more than that.

I have sat many of the listed certifications but found that a Masters Degree to have been the most challenging of all. In fact, it was as challenging as all of my certifications put together.

However a degree does not measure experience.

The DoD should include both certifications and formal education. It may even want to look at the Institute of Information Security Professionals who take a wider view before awarding membership.

https://www.instisp.org

The DoD has provided funds and test vouchers to its Services, so the training and the certification is at no cost to the individual.

First, I'm not a big fan of certificates, just have 2 feet pile of them (from 70's and 80's - heh!) But - on low level jobs they at least show that you are interested? They don't provide knowledge as experience, not even near, but everyone has to start somewhere, college, university, certificates, whatever.

The certificate, as a citizenship, pledge, signed contract, etc doesn't prove that you can do the job or that I can trust to you. 15 minutes friendly talking gives a much better view who you are. Unfortunately today - most of the positions are based on not to the evaluation but on perception that the current system is the only, best, never before seen or used, infallible, etc which finds the best and most trustworthy people for those positions.

Seen that, lived that, tried to recover from that, tried to make some sense of that, still trusting myself more than any certificates, still looking the personal traits instead of grades and numbers, etc..

For certificates, see the latest development in S.F. - interesting, for the other papers and pledges, read the history - computer or spy history or whatever, did a paper ever prevent anything or did it ever guarantee a performance? Didn't think so..

I have been working with the DOD and most recently Army as a IT defense contractor the last 2.5 years. I personally agree with this transition. Many have made good statements about how certs do not make a quality employee or guarantee quality workers but in my opinion it reduces your chances of getting a lacluster employee or potential mistakes. The DOD and Army are about standards and procedures and setting standards for its workforce especially IT is no different. Just as they require a soldier to have gone through a training course to handle a rifle before sending them into combat. Now there may be someone who has been shooting rifles for the last 15 years and may be better at using them then the instructor but they still have to go through the course as they should. This ensures they have a foundation knowledge required to do their job and it has been proven by some standards. Taking peoples word for it or relying on individual evaluations is both time consuming, error prone and irresponsible. Setting standards for the workforce such as base certifications will only set a baseline for the quality of workers one gets. When a worker meets those baselines you can do individul evaluations for hiring and promotion. I personally have recognized this and have gotten 2 IT certifications in the last 2 months and plan 2 more before the end of the year. Besides it's free training to distinguish oneself.

As for cost at this point they are accepting these employees without the certifications but are requiring new hires to get them by a certain time. They provide training and cover costs to do so.