Rating Cyber Security Practitioners
Do you like hyper-masculine, gladiatorial confrontations where losers suffer not just the ignominy of defeat but significant even permanent loss of status in a rigid hierarchical system? You do, do you? Well then you’ll like this.
Or do you think that sounds detestable? If so you’ll want to defeat this barbarous idea before it takes hold. Keep reading.
The number of security qualifications has exploded. There are over 40 certifying bodies alone1. Hundreds of University courses. Dozens of community-based competitions and tournaments. It’s no wonder students can’t figure out the relative value of each of them.
Employers are lost in a sea of acronyms too. How does one compare CREST to SANS to CISSP? It’s a simple answer. You don’t. Some of these courses are excellent and the role of the teacher is a noble one, but the qualifications don’t tell you much about an individual’s relative ability. There are too many of them and they are too widely held to be much of a discriminator. Even for candidates, there’s little reason to be selective. For commercial certificates, if you don’t pass you’ve got nothing to lose but the retest fee.
There’s something about all this that’s disconnected from reality. There’s a degree to which even Capture The Flag falls short. It’s not the material. It’s the lack of an individual opponent with real skin in the game. It’s the consequence-free outcome. It’s the artificial insertion of a certification body between the challenge and the challenged.
/cdn.vox-cdn.com/uploads/chorus_asset/file/23906794/VRG_Illo_STK022_K_Radtke_Musk_Bolts.jpg)
