[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: certification

To: Stephen Potter <spp@psasolar.psa.pencom.com>
Subject: Re: certification
From: Greg Rose <ggr@qualcomm.com>
Date: Tue, 10 Mar 1998 10:04:15 +1100
Cc: sage-members@usenix.org
In-reply-to: Your message of Mon, 09 Mar 1998 15:02:57 MDT. <199803092102.PAA03277@psasolar.psa.pencom.com>
Sender: owner-sage-members@usenix.org

Stephen Potter writes:
>My particular "tirade" was because of the example job posting which got
>quite specific as to the badges wanted, including badges for PGP and SSH.
>All the most SAs are ever going to need to know about either of those is
>how to install it (read the INSTALL, it is pretty simple) and how to use
>it (again, read the README).  There is no reason for a merit badge of this
>kind, and I'd hate to see someone not be able to get a job because of not
>having a merit badge for such skills.

My particular point, which I apologise for not
making properly, was that *for this particular
hypothetical job*, in a company of 7000 with more
sysadmins than you can poke a stick at (but still
not enough), advertising for and getting an
applicant with a "PGP/SSH" Merit Badge would be a
good thing. Of course we would not advertise
*every* position as requiring such a thing... that
would defeat the whole purpose.

Assume for a moment that you know nothing about
cryptography except that people you respect (or
who pay you) have insisted that using PGP to solve
a particular administrative problem is the way to
go. So, when you are interviewing candidates for
the position, do you:

1. Ignore the fact that you know their first job
is going to involve using PGP, and ask them
questions about perl or DNS.

2. Ask them questions about PGP and get the answer
"Yes, I know about PGP, pretty good isn't it?",
and then what?

3. Ask for applicants who list a PGP Merit Badge
(and hence might be more interested in this
specific job, and at the same time perhaps reduce
the number of non-starter applicants) and have
some assurance which you are unable to otherwise
obtain that they do, indeed, know more than (2)
above.

As I see it, the point of the merit badge was to
give you some assurance that the interviewee
actually has the skill claimed, when the
interviewer has no other way to know.

Let's get one thing straight... PGP is a terrible
example, for exactly the reasons you are citing.
But it is one example for which *I* can contribute
something! Let's all (reiterating Pat for a
moment) think about what *we* could contribute.
Tom or Larry for perl? Why not. Eric Allman for
Sendmail? Why not. We've got the skills.

>My particular "tirade" was because of the example job posting which got
>quite specific as to the badges wanted, including badges for PGP and SSH.

It was meant to be specific, and it was *only* an
isolated example. If you want a person to be the
only sysadmin in an isolated (not
internet-connected) NT shop, ask for the NT and
Netware badges. There would presumably be
fundamental knowledge badges. DNS and Cisco, out
of my example posting, I would consider to be
"fundamental" for that particular job, and of
interest to many more people. NT, Solaris, AIX,
Backups, ... I could go on and on about what
might be considered fundamental. Note, though,
that even then not *everyone* has all of these...
I know good sysadmins who have never needed to
take their own backup!

A lesson from Marketing (Acck! Phht.) might be
useful here. There are horizontal markets and
vertical markets; horizontal markets are ones
where all sorts of people need the stuff. Rocket
scientists, doctors and waste collectors all
eat... food is a horizontal market. Vertical
markets are specialised for special needs; doctors
buy blood pressure thingys (sphygmomanometers(?))
but rocket scientists buy whatever it is they buy
to measure the pressure of a rocket exhaust. These
are vertical markets. Waste collectors don't let
the pressure build up. :-)

A PGP Merit badge is a "vertical" badge. Expect to
see very few jobs needing them, but the ones that
do, really do.

A DNS Merit badge is a "horizontal" badge. Not all
jobs need it, but many do, and a well rounded
sysadmin should give serious thought to having
one.

>All the most SAs are ever going to need to know about either of those is
>how to install it (read the INSTALL, it is pretty simple) and how to use
>it (again, read the README).

If you think that, then you are mistaken.
Installing is simple. Using them simply is
simple.  Designing network security for a
worldwide company using them is not at all
simple. We have people (multiple) who spend a lot
of time on this. My hypothetical job posting was
for their replacement. God help us if they
leave...

Greg.

Greg Rose               INTERNET: ggr@qualcomm.com
QUALCOMM Australia      VOICE:  +61-2-9743 4646   FAX: +61-2-9736 3262
6 Kingston Avenue       http://people.qualcomm.com/ggr/ 
Mortlake NSW 2137       B5 DF 66 95 89 68 1F C8  EF 29 FA 27 F2 2A 94 8F

Follow-Ups:
- Re: certification
  - From: Stephen Potter <spp@psasolar.psa.pencom.com>

References:
- Re: certification
  - From: Stephen Potter <spp@psasolar.psa.pencom.com>

Prev by Date: Re: Teaching Soft Skills (Was: System Administration)
Next by Date: Re: certification
Prev by thread: Re: certification
Next by thread: Re: certification
Index(es):
- Date
- Thread