Thursday, December 2, 2010

More on certifications - getting the government involved?

I previously wrote a post on certifications that began as follows:

Back in the olden days, and even today, a person can get another person to attest, or "certify," that the first person is knowledgeable in a particular disciplines, such as blacksmithing or nuclear engineering. But there are billions of people in the world today, so new methods of certification have arisen. In some cases, an undergraduate or graduate college or university degree can serve as a certification, but sometimes additional certification is required.

I concluded by briefly noting that there was some question regarding whether certifications were worth it.

An Enterprise Efficiency post looks at the latter question, but with a twist:

The bill in question is S.773, the "Cybersecurity Act of 2009." It would, among other things, mandate that IT professionals be licensed and certified if they perform cybersecurity functions for the government -- or if they are government contractors dealing with "critical infrastructure." I put that term in quotation marks because it could mean anything the government decides it should mean.

Stiennon maintains that this is a terrible approach to cybersecurity, and I agree. Is there anything more disturbing than the prospect of government bureaucrats deciding what a "certified" IT security expert should know to do his or her job?

Yes, there is: Making the companies that employ these people foot the bill for their government-approved training.


More here.
blog comments powered by Disqus