Certification; killing innovation?

Posted by Roel Gloudemans on 2 February 2008 | 0 Comments

Tags: certification

Many employees require their personnel to be certified in certain areas. This could be area specific certificates, like security, or vendor specific certificates, like MCE or CCNA. The reason behind it seems very obvious; the certificate is proof that one has mastered the necessary knowledge. It reduces the risk for the employer or customer of having an inadequate staff.

But what is the value of certification really? In real life, I have seen certified technicians that I wouldn't even let near my home network, let alone the a business critical infrastructure. Actually, this is a well known phenomenon and is due to various reasons. The most obvious are:

• Most important one is the quality of the course leading to certification. I think the earlier Microsoft certifications are a great example of this. People learned how things were done in the GUI, but they forgot the part of telling people how the underlying standards worked and why they were what they were.
  
• The fact that many certificates don't need to be renewed. Especially if the certificate is gained by performing well on an exam, chances are that most of the knowledge needed is in short term memory.
  
• Even if certificates do need to be renewed, employers and customers hardly ever check if they are still valid. I'm sure that there are a lot of people out there who write that they are certified on their resumes, while they actually are not (any more)
  
• There's no substitute for experience. But experience noted on a resume might be misleading. Every project has its leaders and followers; their resumes often looks the same.
  

Most of the certificates that are held in high regard, have a way to cope with these previous points and they deliver highly trained professionals, who really do know what they are doing. I think the real problem with certification is that people learn to think along certain lines. This is something that struck me, while I was at a security conference. Everyone I met, approached a given problem from the same angle and came to the same, predictable, solution. Talking about security, this is a bit scaring, because if reactions are predictable, this gives the hacker (who if most often not certified and/or trained and thus highly unpredictable) an opportunity to go around them.

To find the optimal solution for a given problem, the problem must be approached from multiple angles. In my experience certification (and cources) interfere with this. Certified processionals, will deliver an excellent solution for a given problem, but it may not be the best one possible.

My remark is not only valid for the field of security, but business as well. If you want to know what your competitor is going to do next, dig up his resume and look for his courses and certificates.

Innovation happens when problems are approached from unusual directions, also called "out of the box thinking". Courses and certifications put you firmly in the box, making it harder to escape. So next time you, or your boss, wants you to get a certificate, think hard on the reason why. Buying some books and starting a study group with some colleagues might have the same effect, without putting yourself in the box.

As for how to get the next job, with a seemingly poor resume? Just put your thoughts on certification in the letter, if you do that right, you will spark some interest, get invited for an interview and dazzle them with your innovative insights.