Monday, February 19, 2007

Forensic Certifications

It's been a while since I gave this some thought but most recently I was considering the whole certification debate. A question I often ask myself is when did certifications become a status marker? Wasn't the idea to simply prove proficiency in a given subject? Some of the brightest in the field don't posses an EnCE, or the ACE . I read several forums where people ask "what certification should I get?". Almost immediately I ask myself, why would you need a certification? What exactly is being certified? That someone is proficient with a tool? Why not call them proficiency exams? That's really all they are. Does answering 70% of questions correctly actually certify you as a forensic examiner or an expert in your field? These "certifications" remind me of the buy a degree online websites where you can get your name on any diploma you want for a mere $80.

There are several certifications that are based on practical applications of forensic methodologies and processes. The CFCE is pretty rigorous as far as certs go. You actually have to examine something (several somethings in fact) in order to pass. The CCE forces people to pass three practicals in addition to a written exam. The SANS GCFA practical is optional now if you want to go for the gold level.

What's the point of all of this you might be asking..well here you go. Why don't we form two major governing bodies to certify individuals as digital forensic practitioners? One for the Law Enforcement side of the house, and one for the civilians. In addition these certifications need to be a heck of a lot more difficult. I know It's certainly not a likely scenario. After all, these certification box houses are making a killing off of people and guess what? Management is eating it up! There's no end in sight. I think I'll start a certification and call it MRABAPAT (Managed to Read A Book And Pass A Test). It can be yours for $2500.

In my honest opinion it's silly issues like this that hold back our profession. Science isn't about the letters after your name.


Ed Wiget said...

I couldn't agree with you more. For example, my resume is here - and I have been a year trying to find a job without certifications. Always comes down to being over-qualified or not certified, yet I have 20 years experience. I also blogged about your blog here -

Anonymous said...

You have to play by the rules of the game and not try to fight the market. Never fight the market, its much bigger and stronger than you. If you have 50 years experience and a job asks for a CISSP or some other cert, then its simple: get that cert and move on. But if you go on and tell your client I dont care about certs, well, there are plenty have have it. Being certified is not just have a name on a paper.
Think about medicine. Some doctors cannot do surgery (be it heart, dental, etc) without being Board Certified. Most, if not all, need a Doctorate degrees.
In IT, certs just mean that you posse the knowledge required in some field, not just someone who was network admin for 10 years and decided to switch to security or forensics all of a sudden. Does not work that way.
A lot of security certs require 4 years+ before you get your cert.

Dont like the game, someone else will take the job.