[tptacek]

Hey. Again with these false dichotomies. The choice isn't between "certificates" and "never letting newcomers into the industry". In fact, if I accomplished one single thing at Matasano, it's getting newcomers onto our team.

https://sockpuppet.org/blog/2015/03/06/the-hiring-post/

I kind of resent my opposition to certification --- which I see principally as a way of keeping newcomers out of the industry, by requiring them to get expensive certificates to enter it --- being cast as opposition to new talent. I think opponents of certification are far, far more welcoming than the supporters are.

[raesene6]

<sigh> it's not a false dichotomy. The comment I was replying to was specifically expressing disappointment that his efforts in getting certificate would be overlooked because of a negative attitude in the industry to those certifications. I was merely expressing encouragement that not everyone would look on those certification efforts negatively.

The article takes what I think to be an overly absolute position in suggesting that certifications are actually harmful to the industry.

I'm not suggesting that you are opposed to new talent, I've not said that anywhere.

What I've said is that I think that cerifications can be useful for newcomers in demonstrating effort/ability in a field.

I think that those certifications can be useful specifically in scaling entry to the industry (I'm not saying they need to be expensive, heck I'd love it if they were free, but someone has to pay for the effort required).

The problem with leaving individual companies to review every candidate from scratch is that it's a huge waste of effort. If you're starting a SOC and have to fill 50 spots and get 2000 CVs across your desk, you realistically are not going to be able to take an approach of manually interviewing every single candidate.

Now and I'm sure you know more than I , that doesn't apply to high-end security testing companies, but different types of roles require different approaches.

[tptacek]

No, that's not all you said. Your original comment is right there for everyone to read. You attempted to co-opt a position on an orthogonal debate --- whether the industry is adequately welcoming to new talent --- as part of your position on certification. Since I'm a strong opponent of certification and I'm reasonably confident I've done more than you have to bring talent into this field, I object, vehemently, to that kind of rhetoric.

I'd appreciate it if you'd take a second to retract.

[raesene6]

The original article it titled "Information Security Certifications are Worthless and Causing More Harm than Good"

yes?

The top comment expressed quite clearly discouragement that this attitude of negativity to certification would affect their job prospects.

Yes?

My comment line that I'm presuming you object to is

"Whilst there are people that, unfortunately, take the attitude in the article, I think that there's a load of others that take a more balanced approach and recognise some of the value of certifications."

Didn't mention you, wasn't intending to mention you, referred to the article which clearly takes the position that certifications are actively harmful to the industry, a position that I disagree with.

If you feel I've insulted you, I apologise for that, but I'm afraid I'm currently a bit unsure as to why you feel insulted.