 |
|
 |
|
 |
Greg Neilson
|
|
|
|
 |
 |
Style over Substance? |
| In the wake of Microsoft's announcement of its new security certifications, Greg discusses what changes really would have impressed him. |
| by Greg Neilson |
|
7/9/2003 -- Last month Microsoft introduced new security specializations for its MCSA and MCSE titles. Frankly, I just can't get excited about them.
To me, MCSA: Security and MCSE: Security seem to be more about sending another signal to the IT world that Microsoft is serious about security than about offering certification paths that will benefit holders and those who will employ them.
Of course, all vendor certifications are about marketing in one way or another, but these new announcements appear to have less substance than most. After all, the exams were already there -- these new certifications only offer a new label for them. This seems to be not unlike when Microsoft announced the now-defunct MCSE+I title, which rightly died a quick death because of the meaningless adoption of the "Internet" within its name. It never reached critical mass and was soon abandoned. And let's not mention all of those MCP specializations that also no longer exist . . .
Nowadays security is such an integral component in working with an operating system that separating it out for a certification title doesn't make any practical sense. (This was the argument that Microsoft certification representatives had used in the past when asked about including a security specialization; that it was included in the core certification program). It's like offering a driving license with a specialization in the accelerator. Hiring managers will likely assume that someone with an MCSE will likely have the knowledge already required for the MCSE: Security. So, where's the beef?
If I were in the position to tweak Microsoft's certification program, there's three changes I'd would have made instead:
1) Add a compulsory hands-on lab exam to the MCSE.
See my earlier column here for more on my reasons for this.
2) Require fewer exams overall in the MCSE program.
Let's face it: The number of exams needed to earn the MCSE (seven!) is getting ridiculous, especially considering that with the current elective options, most people will take all operating systems exams instead of those in areas like Exchange and SQL Server. There simply isn't a need to take that many exams on one topic, no matter how complex the information can get. Surely five is enough! Otherwise, the certification program becomes more of a battle of attrition than a test of technical skills. Plus, there's already too many overlapping objectives within the content of the program's current exams.
3) Add electives for scripting and automation of administration tasks.
This is such a powerful area --- something I think more people should have a good working knowledge of. Certainly those who do system administration for Unix and mainframe platforms are expected to be able to work with scripts, so I don't see why the same shouldn't be true for those who work with Windows.
One thing I will say for the security specializations is that the inclusion of the CompTIA Security+ exam (as an optional elective) is an interesting development. I see it as further evidence that these single CompTIA exams covering elementary knowledge in a specific area can be more useful and valuable when part of a larger certification program (we also see this with the use of CompTIA titles in other programs, including Novell). Maybe this is the role that CompTIA will play in the industry going forward -- providing common building blocks for other certification programs.
Now if Microsoft can do something about the never-ending stream of hotfixes I have to have my team analyze, test and deploy to our supported server fleet, I will be impressed. A cynic may say that at least it keeps us employed, but it sure doesn't offer any business value having to waste so much effort here. The jury is still out on whether Windows 2003 is going to deliver on the promise of the trustworthy computing initiative, or whether we will have to wait for something else altogether.
Are you interested in completing these new certifications? If the new certifications left you flat too, what changes would you be excited about?. Let me know by posting your thoughts below. 
|
Greg Neilson, MCSE+Internet, MCNE, PCLP, is a Contributing Editor for Microsoft Certified Professional Magazine and a manager at a large IT services firm in Australia. He's the author of Lotus Domino Administration in a Nutshell (O'Reilly and Associates, ISBN 1-56592-717-6). You can reach him at Attn: Greg.
|
|
| |
|
More articles by Greg Neilson:
|
There are 42  user Comments for “Style over Substance?”
|
|
Page 1 of 5
|
| 7/9/03: anonymous says: |
Microsoft's new security additions I think are a little late. While they may have good intentions, their system is seriously flawed with security holes which could have been solved if they did not always rush to production and then weeks afterwords release service packs. Whilt it is good to have knowledge of microsoft's security practices, I feel having a more general baseline of security knowledge such as security Plus may be more benefitial as many of the attacks that happen on systems, while occur on MS systems, are often general attacks like DDOS or Syn flood... |
| 7/9/03: Moe Munee says: |
Nice to see we basically got rid of the guy who can't write! |
| 7/9/03: Anonymous says: |
If MS knew anything about security, they would remove the ability to use the CompTIA SecurityPlus exam at the MCSE level; SecurityPlus is fine at the MCSA level. MS tends to think of MCSEs as their evangelists, so an MCSE in Security should have to take the ISA Server exam and an MCSA should retain the ISA Server or SecurityPlus option. I took the ISA Server test, passed it and thought it an interesting technology to study. |
| 7/9/03: Anonymous says: |
Greg, your first point reminds me of the Cisco CCIE tests; just pass the written and the practical and there you go. The problem with Cisco CCIE and any other exam that focuses on practical knowledge is the disregard for understanding of the fundamental concepts behind something. I know many CCIE that have great practical skills but can't formulate a conceptual plan to save their life. Your second point marginalizes and trivializes the amount of knowledge required to design, implement, and support Microsoft networks. So much of that knowledge interacts with each other. For example, the 70-214 exam requires a solid fundation in Active Directory, GPO concepts, and some networking technologies covered in 70-217 and 70-216 exams. Your third point is practically impossible to implement in a testing center. Such a concept would border on nothing more than read some code and detemine if it will accomplish the the task. Also, scripting and automating tasks tends to be job-task, application-oriented, and work environment specific. Greg, next time, please think before you write because this article really reveals what you don't know about the certification testing process. |
| 7/9/03: Anonymous says: |
While I disagree with many points in Greg's article, he does make a valid point: How will an MCSE-Security distinguish themself from an MCSE? Most hiring managers might not know the difference between the two other than the "security" rating. I could see MS developing an MCSE-Systems for folks that have to support Exchange server and other key infrastructure servers and don't need the MCDBA moniker. Or how about an MCSE-Administrator where the core design elective is shifted to regular electives and all the electives are Windows 2000 or 2003 Administration tests??? There could be an MCSE-Design where all the electives are based on design tests only. I guess with this logic even and MCSE-Manager and MCSE-Janitor title could be fashioned. |
| 7/10/03: Anonymous says: |
Here's the problem with people studying for "unique" Microsoft tests; it's just another single-vendor focus. I realize Microsoft is the big dog now, has been for a few years, and may be for some time. However, a lot of the unemployed IT guys are those who only dealt with Microsoft administration and that's it. I find this to be rather amusing because Microsoft knew this would happen all along. Do you really believe their programmers are there to help you advance in your career by learning the products they thought up? If you want to be a true IT guy, you really need to focus on it all. First, get a degree; preferably a business degree so you understand what business is all about and not just what the IT realm consists of. Then, get the basics with CompTia (NetworkPlus, ServerPlus, SecurityPlus, IT ProjectPlus--APlus too, but only if you're brand knew to this whole IT realm) and get the full range of base knowledge you need to work in a full IT shop. Then, with a thorough baseline behind you, focus on CISCO, SUN, and Microsoft certifications. I have yet to see anyone in the IT field lose their job with this type of overall background. If your sole focus in life is getting every Microsoft cert there is, without the basics, then you're obsolete as soon as the next version comes out. I saw this happen to many NT 4 gurus when Windows 2000 came out and the company no longer had a need for those only certified with an MCP or NT 4 MCSE. Amazingly, those with the basics and the degree, stayed on; the majority of which hadn't completed their MCSEs and had no intentions of doing so. And now Microsoft, who's products are so full of holes that you're almost afraid to open e-mail sometimes, wants to focus on security. Come on, give me a break. They've known about the holes in their structure for many years, but the project management focus is to get the project out as soon as the window of opportunity is there. With Linux architects pushing hard to get products into the PC arena, do you really think Microsoft is going to focus their time on quality management? No, because they can't afford to and quite frankly, don't have to. So, keep getting your MCSEs from here to eternity. As long as you don't get an MBA and overall certs, I will stayed employed forever. Just food for thought. |
| 7/10/03: Anonymous says: |
I couldn't agree more with the broad scope of knowledge. Let's face it, the majority of the IT paper certs were Microsoft abusers. There is a reason why people at home and in small offices can set-up and run a Windows network; it's really not that difficult. I want a fellow IT guy who made it through college, understands business and what our true purpose is, and understands the entire realm of IT first and then gets the vendor certs when neeeded. Very good food for thought... |
| 7/10/03: Anonymous says: |
Finally, some commonsense in the last two postings...get a degree, keep your job...accountants, engineers, doctors have to do it to make the pay equal to ours and so should we...ofcourse, Bill Gates didn't finish his school before starting Microsoft:) |
| 7/10/03: Anonymous says: |
pretty good posts, but even with the college degrees and certs galore, where's the jobs? all of these people with 15 years experience and graduate degrees and manegerial experience yada yada yada are still competing for jobs that pay less than half of what they made earlier, and 100s of applicants for a single position...! how can anyone possibly see this field rebounding, when Microsoft and HP and other tech giants are spearheading the drive to outsource 100,000s of jobs to India and China and Russia and all of these other "developed barely past 3rd world" countries"?? being a pessimist isn't going to help, sure, but let's face it, the certs only make money for the vendors, and they have little impact on anyone getting a real job out of all this, which really is what matters when you get down to it. the last interview I went to, where the guy who interviewed worked at a Cisco and Microsoft certified gold partner, he had never heard of CompTIA, and this guy had 3 CCIE's working for him! can anybody say worthless? |
| 7/11/03: Anonymous says: |
If you were interviewed by someone hiring people in the IT field that never heard of CompTIA, do you really want to work for them? Come on, anyone in this field knows CompTIA. Anyways, I'm tired of hearing about IT jobs sucking simply because of jobs going to India, China, Russia etc. You know, it's not like those guys aren't studying all this tech stuff too. If they know how to do it, then they know how to do it. Yes, I am a true blood American born and raised. I even served in the military for eight years. Take a look at the big picture everyone. We all complain when CEOs of the large companies fail to make a profit and pay us dividends at the end of the year. Then, we have the audacity to complain when they do whatever they can to turn a profit and make us money. It's give and take people. The entire US economy is stuggling, change that, and the jobs will be there. I can guarantee you that the problem isn't jobs going abroad, it's the fact that corporate management cannot afford to have large IT staffs that aren't selling and or producing profitable items. Hence the real reason you need a business degree and the "broad" scope everyone has posted above. |
First Page Next Page Last Page
|
|
|
|
