|
|
|
|
|
|
by hcazz
1662 days ago
|
|
|
That's antithetical to how the computer security industry should work -- arbitrary certifications don't guarantee compliance or security, at best they suggest it. To me, this feels like the same problem as OKRs in an organization. When your goal for success is a high score on the exams for a job rather than the ability to do the job, folks will optimize for the high score on the exam. Setting hard goals that determine success will determine where folks spend their time. Along those same lines, I don't see this as a problem for third party entities like CompTIA/(ISC)2/ISACA/Cisco/Etc to fix, but rather poor management and expectations of employees. OKRs and certificates aren't bad, they just need to measure the objective value to the organization as opposed to arbitrary standards (such as you must have X certificate to work here, or increasing pay based on certs earned). Those tests mentioned above can be useful litmus tests for folks in the recruiting space to sort through candidates, especially if they have a large number of applicants, but I worry that it excludes folks that could otherwise be very good at the job/role. |
|
|
Stupid example: You build a rocket, fly it, write how you did it. That demonstrates a certain understanding of physics as
If I want to require an understanding of basic physics I can require people to have done a project which satisfy that requirement.
I've been doing something similar for hiring junior engineers and how well they perform creating a project is the single most important factor to forecast their work performance. No leetcode required.