You can't secure what you don't acknowledge.℠

Friday, April 15, 2011

Be wary of the well-certified IT pro

You may have read that Gartner projects IT spending to increase in 2011. It's great news that may lead to hiring new staff or at least new consultants for your IT and information security projects. Just proceed with caution and don't fall for the "I'm certified therefore I'm all you need" persona that's rampant in our industry.

There are a lot of people out there looking for work - many of whom have added one, two, perhaps five or more IT/security certifications such as CCNA and CISSP to their names over the past year. But you have to be forewarned: just because someone has passed a certification testing regimen doesn't mean he or she is going to 1) be a disciplined worker, 2) be a good communicator, 3) have goals, or 4) possess that stick-to-itiveness required to succeed in IT.

Certification only goes so far. In fact, I've often found that the more certifications one has, the harder he or she is "trying" to prove something to mask other deficiencies (likely the very things you're in need of). Ironically, some of the sharpest and most productive people in IT and infosec have no certifications at all.

It's a harsh reality but it is what it is. Buyer beware.

Tuesday, April 12, 2011

Have no fear and be free

"The whole secret of existence is to have no fear. Never fear what will become of you, depend on no one. Only the moment you reject all help are you freed." -Buddha

This is great for personal power, personal responsibility and, of course, information security - just be careful with that "reject all help" bit. ;)