[devsecguy]

Absolutely those are all important qualities but the idea that certs are completely worthless just doesn't hold any weight.

Can I ask if you apply the same logic to the lawyers? Do you think the bar exam is pointless? What about chartered accountants? Or Engineers? Should pilots have to pass a test? What about drivers license tests? Are they just worthless pieces of paper too?

[wglb]

The practice of law is an older field. When I hire a lawyer, I presume that they have sat for the bar, but my inquiry goes much deeper. If I need a contract reviewed, I try to ascertain if candidate lawyers have experience reviewing contracts, and look for recommendations for that service. If someone were to sue me, I would look for a lawyer who is experienced at litigation. In this case, a lawyers certification, which is the bar exam, is a known test for the knowledge of law, which is done after serious study.

Certifications such as the CISSP don't tell me as a hiring manager anything about a candidate's skill in the required areas. As a buyer of security services, a shop with CISSP services often has a negative correlation with quality of an application penetration test.