I'm getting disillusioned

Gregory Childers

Well-known member
  • Oct 22, 2019
    556
    934
    55,221
    Safety Harbor, FL
    www.linkedin.com
    Recently, I was on a CompTIA-related message board, and I noticed a disturbing trend. Most people posting were directly asking which multiple-choice questions other testers had on their exams and what PBQs they had. I was under the impression that sharing that information violated CompTIA's NDA. When I brought it up, I was met with derision and mockery.

    There were also a lot of posts recommending 16-hour free video series and questionable practice exams. When I suggested taking a class, using CertMaster resources, or getting a decent book from Amazon, I was again met with mockery and ridicule.

    There seemed to be a pervasive culture of encouraging cutting corners and taking shortcuts to "check the box" to get a cert and a tech career. They seemed to be mostly younger people with no experience whatsoever. It felt like a bunch of high school kids trying to share secrets on how to scam the system. None of them wanted to hear from an old geezer like me who told them they needed to study hard to have practical applied knowledge of the information and not just memorize and exam cram. My suggestions fell on deaf ears.

    Does what we do as trainers really matter? Even in my 20+ years of being a trainer, I've encountered the occasional student (or class) who didn't care about learning as they did about "checking the box." I know I can't make people want to learn, but it's challenging to help them when they have a poor work ethic and attitude. There will always be people who try to cheat the system to get a certification that, quite frankly, they don't deserve. Even if they get certified and get past the recruiters and hiring managers, they'll struggle to perform the most basic tasks because they took the easy way out. Employers will see them struggle and start to believe the certifications have little value in the real world.

    Maybe I'm just an idealist, but I strongly believe that certifications, or any education for that matter, have incredible value. They show that a person has a baseline mastery of a topic; for years, I've been preaching that the A+/Network+/Security+ trifecta should be the baseline level of certification for any tech job. Those three certifications are the broadest, foundational knowledge areas to cover how things work and basic troubleshooting. From there, a person can pivot into numerous different specialty areas.

    Why do we do it? Why do we choose to be technical trainers? Does anyone care any more?
     
    Recently, I was on a CompTIA-related message board, and I noticed a disturbing trend. Most people posting were directly asking which multiple-choice questions other testers had on their exams and what PBQs they had. I was under the impression that sharing that information violated CompTIA's NDA. When I brought it up, I was met with derision and mockery.

    There were also a lot of posts recommending 16-hour free video series and questionable practice exams. When I suggested taking a class, using CertMaster resources, or getting a decent book from Amazon, I was again met with mockery and ridicule.

    There seemed to be a pervasive culture of encouraging cutting corners and taking shortcuts to "check the box" to get a cert and a tech career. They seemed to be mostly younger people with no experience whatsoever. It felt like a bunch of high school kids trying to share secrets on how to scam the system. None of them wanted to hear from an old geezer like me who told them they needed to study hard to have practical applied knowledge of the information and not just memorize and exam cram. My suggestions fell on deaf ears.

    Does what we do as trainers really matter? Even in my 20+ years of being a trainer, I've encountered the occasional student (or class) who didn't care about learning as they did about "checking the box." I know I can't make people want to learn, but it's challenging to help them when they have a poor work ethic and attitude. There will always be people who try to cheat the system to get a certification that, quite frankly, they don't deserve. Even if they get certified and get past the recruiters and hiring managers, they'll struggle to perform the most basic tasks because they took the easy way out. Employers will see them struggle and start to believe the certifications have little value in the real world.

    Maybe I'm just an idealist, but I strongly believe that certifications, or any education for that matter, have incredible value. They show that a person has a baseline mastery of a topic; for years, I've been preaching that the A+/Network+/Security+ trifecta should be the baseline level of certification for any tech job. Those three certifications are the broadest, foundational knowledge areas to cover how things work and basic troubleshooting. From there, a person can pivot into numerous different specialty areas.

    Why do we do it? Why do we choose to be technical trainers? Does anyone care any more?
    Greg and I have been chatting about this backstage for about a week, now and I feel the same way at times. Sadly, there will always be people who want to steal what is of value, if they can get away with it. We've seen it here on CIN and with the TTT series with respect to vouchers. Maybe it's something that we really could take up at Summit, because it's always been a concern.

    But I think it falls on this group of professionals, those who teach and deliver the content - those who actually strive to make it work and be true blue to be the ones to stem this tide. There are some things that can be done, from my view:

    1) Make the exams either more difficult or more dynamic - This means that people taking exams and sharing this stuff on places like Reddit (r/CompTIA) will have less an opportunity to utilize dumpy technique to get a cert.

    2) Actually see some policing from CompTIA on the subject - I am generally supportive of all the great things that CompTIA does, but in this, I do have some criticality. We read about the NDA and the potential sanctions that can occur from violating it. And while I don't expect CompTIA to actually respond to this, I have to ask, has CompTIA actually ever taken action against a candidate who violated the NDA? What does CompTIA do to go after dump sites like TestKing and Pass4Sure that deal in ETE and VCE files?

    3) Keep talking about it - I think we, as instructors and content providers get out there on those boards and defend the 'right way of doing it'. Let these people mock us and deride us for our "old geezer" ways. Because we know in the end, folks that seek the quick fix to get certs because they are chasing that bag of money - well, that will show up in the employees they become. Granted, they dilute and even pollute the pool of candidates that are trying to do it the right way. But those of us who have been in the field can spot paper certs a mile away. If they want to deride and mock, well, I'd say, return the favor.

    Greg and I have talked a bit about the "imposter syndrome" - the feeling that we get when we feel like although we have the cert, we may not feel like we're worthy of it. But yanno, I think having the imposter syndrome is a lot better than actually being an imposter and passing one's self off as a real certified professional. And how do we get that? By checking and validating each other, celebrating each test we pass and working to purify the pool of instructors.

    Okay, I'm off the soapbox...unless there's more to be said...
     
    Let me pose it in a manner few want to consider. Some training companies (notice I did not say all), focus their efforts on "career changers" as their customers. They rush them through a series of three certification-related courses in a boot camp style 5-day format for each course. The students are being educated in a firehose manner, lacking sufficient time to absorb course content before facing the certification exams. Instructors are being evaluated based on student success. What could go wrong with this setup?
     
    I believe some (not all) training companies and some (not all) of their sales staff are more concerned with checks clearing and the number of butts in seats than helping people develop necessary higher-level skills. As much as I've enjoyed training military members, the DoD 8570/8140 directives have led to many paper certs. High school tech programs have led to a lot of paper certs. The promise of career-long employment and better-than-average pay lures in many people, including some with poor work ethics and bad attitudes.

    @Rick Butler , I know exactly what you mean about being able to spot people with paper certs quickly. I used to tell hiring managers that I could spot the difference between authentic people and frauds just by talking with them briefly.

    I also agree the exams need to change. People are memorizing brain dumps and sharing PBQs online. There doesn't seem to be enough risk to stop them from trying. Make the exam more hands-on. Make the exam 50% or more PBQs and build a large test bank so that two candidates testing on the same day don't get duplicate questions. The CASP+ has a VM environment question and a scenario-based set of tasks to accomplish. Have a few of those on all the technical CompTIA exams. Make the candidates prove that they have the required knowledge and can apply it correctly. OffSec already has hands-on lab environment exams. CompTIA should work to make the exams more task-oriented.
     
    CompTIA should work to make the exams more task-oriented.
    I asked @Patrick Lane about whether we were going to see more of those hands-on VM type questions in other exams (such as CySA+) and he indicated that was the case, so there's that. And maybe as CompTIA assimilates the TestOut material, it will create new opportunities for students to demonstrate their skill. We can only hope at this.

    One of the other things that MSFT used to do with some of their top tier certs, such as MCA was the concept of peer/board reviewing candidates. Other top-tier certs like CCIE, I believe are this way. While this is a double-edged sword, it can have the effect of creating a gold standard for certified professionals. However, the downside is that it doesn't help in the lower echelon certs, which is really where the problem lies.

    I also believe that the DoD has done considerable damage to the certification pool through 8570/8140. I've seen good people washed out because the DoD demanded they have Security+, however, the job they were doing had no call for it (I routinely tell the story of the two phone gals and one A/V camera guy that lost their jobs because of it). And that constraint of being Sec+ certified does make people more apt to cheat. Personally, I believe that the DoD should have its own certification that covers those basic security topics for the general IAT2/IAM1 audience, while allowing Security+, as well as other security certs to be valid for meeting the requirement.
     
    The military SHOULD require certifications for SPECIFIC technical roles. But they botched the implementation, requiring too many non-technical people to get certified. I wish CompTIA followed through with the Cybersecurity Fundamentals certification because that is great for non-technical people. The closest equivalent certification is the (ISC)2 Certified in Cybersecurity. ISACA has a Cybersecurity Fundamentals Certificate, but it hasn't seemed to get much traction yet.
     
    • Like
    Reactions: Kwabena Fred
    @Gregory Childers I saw that thread and it was (and is)... a mess. I feel like there were a few folks who pushed back against you or that had differing viewpoints who actually seemed to be interested in a conversation but it mostly consisted of you getting shouted down. Ridiculous.
    But understandable. These people don't want to be certified professionals. They don't want to learn and study. They just want that big bag of money that comes with the job (notice, they don't even really want the job!). So naturally, when someone like Greg comes along and defends the right way, well, so it goes. And I also agree that when a "get certified quick" advertisement comes along from a content provider that wants to make a few bucks from these people that are in pursuit of that bag of money. It's as I opened with - when people have something of value, there will be others who want to steal it.
     
    • Like
    Reactions: Brian Ford
    I'll chime in here with my two cents. I agree that there are many people who want to cut corners and just get certified - mastering a subject matter area is irrelevant to them. However, I've seen this since the 1990s when braindumps and "paper MCSEs" were rampant.

    At the same time, I think those who want to cut corners have a high fail rate, as many certification exams nowadays require both:
    a) Reasoning ability, and
    b) English comprehension.

    This is apparent with all 8 CompTIA exams I've written this past year. There were many questions where there didn't seem to be a correct answer, or multiple correct answers, and I had to reason out what the correct answer was using my knowledge of the subject area. Moreover, there were many questions where the English wording of the question mattered more than the keywords used within, which would thwart keyword-to-answer memorization by test takers.

    Together, I believe these question techniques make it incredibly hard for someone who "memorizes instead of understands" to pass exams. In other words, the amount of effort to pass an exam using a memorization-only approach would be significantly more than if they spent the time to understand and practice the subject matter area.

    There will always be people who try to cut corners and just get certified without putting in the required time to master the subject area. But I don't think those people ultimately get very far today.
     
    Last edited:
    • Like
    Reactions: Jill West
    Unfortunately, this seems like the trend across various certification exams; not just CompTIA.

    As trainers, we just need to continue doing our job of providing quality training, so that our students will not only be "certified IT professionals", but will be distinguished among their peers as "competent and capable".

    The industry is filled with these "certified" graduates who doesn't really have the skills and knowledge. One way to combat this is to update the assessments to use performance-based simulations rather than multiple-choice type of questions.

    Imagine an A+ certification exam where the individual needs to build a PC, install software and configure it within the day, or Pentest+ exam where you need to do Pentesting on a simulated environment. ?
     
    ... spreads the learning process over a reasonable timeframe for content absorption.
    And this is a key thing because the human mind requires time to process information and assimilate that into usable skill. People wish you can just download the information into the mind, much like The Matrix or Johnny Mnemonic, but what people don't want to give to the process is time.

    There will always be people who try to cut corners and just get certified without putting in the required time to master the subject area. But I don't think those people ultimately get very far today.
    Secondarily, I think this is so. But where the problem comes in, as we know, is the value of the cert. A cert is, by definition, supposed to make a statement that "this person has the goods", at least enough to get in the door past a hiring screener. But we see all the time that good people with great skills get passed over because someone managed to navigate through the hiring screen far more effectively. That's what is at issue - the loss of value.
    As trainers, we just need to continue doing our job of providing quality training, so that our students will not only be "certified IT professionals", but will be distinguished among their peers as "competent and capable".
    I believe we need to do a bit more. We need to, as instructors and certified professionals, to be the ones that keep that True Blue distinction alive - we owe it to our students who expect that. The question is just "what to do".

    So, departing from the "there is a problem", "it's been around for years", and the like statements, let's get to the brass tacks here? What do WE as instructors, need to DO to preserve that value? Is it a matter of getting out on Reddit and other boards and being the voice against those who would continue to usurp that, so we can preserve the value of the cert for those candidates that come after? How can/do we work directly with CompTIA in this case to police up the field?

    Or do we just "talk" about the problem (forgive my forwardness here, but in order to move this from a purely academic discussion to something of action)

    I keep saying it on this thread - there are people who are willing to steal what is of value. Who is actually tasked with protecting it? Or do we continue to hope that passivity or platitudes like "letting the industry clean itself" continue to reign?

    I'm not provoking starting an Certification Inquisition or some other form of witch hunt, but I also don't think enough is being done.
     
    Last edited:
    Below is content in the (ISC)2 website. Before obtaining the CISSP and CCSP certifications, I was required to satisfy the requirements relating to work experience. Would it make sense for CompTIA to adopt similar requirements that are aligned with their experience recommendations for those seeking certifications?


    If you have passed the Certified in Cybersecurity (CC) exam, there is no work experience requirement, so your application will contain questions and agreements regarding your adherence to the (ISC)² Code of Ethics and privacy policy.

    For all other certifications, you will be required to provide an endorser – another (ISC)²-certified professional in good standing – who can attest to your experience. If you do not know another (ISC)²-certified professional, you can opt for (ISC)² to endorse you.

    Your endorser will attest that your assertions regarding professional experience are true to the best of the endorser’s knowledge, and that you are in good standing within the cybersecurity industry. You will need the endorser’s member/certification number when filling out the online application. CISSP concentrations do not require an endorser.

    You will also be asked to provide your relevant work experience (requirements vary by certification) and can also provide any experience waiver based on certifications held or higher education degrees completed.

    Once your certification application has been approved, the final step in the process is to pay your first Annual Maintenance Fee (AMF) . If you already hold an (ISC)² certification you will not have to pay an additional AMF for your latest certification.
     
    • Like
    Reactions: Jarrel
    Greg and I have been chatting about this backstage for about a week, now and I feel the same way at times. Sadly, there will always be people who want to steal what is of value, if they can get away with it. We've seen it here on CIN and with the TTT series with respect to vouchers. Maybe it's something that we really could take up at Summit, because it's always been a concern.

    But I think it falls on this group of professionals, those who teach and deliver the content - those who actually strive to make it work and be true blue to be the ones to stem this tide. There are some things that can be done, from my view:

    1) Make the exams either more difficult or more dynamic - This means that people taking exams and sharing this stuff on places like Reddit (r/CompTIA) will have less an opportunity to utilize dumpy technique to get a cert.

    2) Actually see some policing from CompTIA on the subject - I am generally supportive of all the great things that CompTIA does, but in this, I do have some criticality. We read about the NDA and the potential sanctions that can occur from violating it. And while I don't expect CompTIA to actually respond to this, I have to ask, has CompTIA actually ever taken action against a candidate who violated the NDA? What does CompTIA do to go after dump sites like TestKing and Pass4Sure that deal in ETE and VCE files?

    3) Keep talking about it - I think we, as instructors and content providers get out there on those boards and defend the 'right way of doing it'. Let these people mock us and deride us for our "old geezer" ways. Because we know in the end, folks that seek the quick fix to get certs because they are chasing that bag of money - well, that will show up in the employees they become. Granted, they dilute and even pollute the pool of candidates that are trying to do it the right way. But those of us who have been in the field can spot paper certs a mile away. If they want to deride and mock, well, I'd say, return the favor.

    Greg and I have talked a bit about the "imposter syndrome" - the feeling that we get when we feel like although we have the cert, we may not feel like we're worthy of it. But yanno, I think having the imposter syndrome is a lot better than actually being an imposter and passing one's self off as a real certified professional. And how do we get that? By checking and validating each other, celebrating each test we pass and working to purify the pool of instructors.

    Okay, I'm off the soapbox...unless there's more to be said...
    Soapbox mode engaged...

    Oh no. So I was a party to a similar conversation at Cisco regarding CCNA for several years. CCNA was viewed as too generic and too many people were challenging the exam and passing. So CCNA 'specializations' were created. But after a couple of years they found that some of those specializations had near or exactly the same pass rates by people who challenged as those that took a course. The answer I believe is that some people use the tech and learn; others read a book and learn; and some take a course and learn. In the end the numbers of people taking some of the exams didn't add up to the cost to support the exam. So the great shrink happened (specializations all go EoL) and today we have just a CCNA, again. Now the same folks made the next level of exams harder. Guess what? Fewer people wound up pursuing those specialists certifications. The logic there is different than CompTIA in that Cisco partners need those specialists to sell and support products. Some of those certifications have gone EoL'ed too. The CCIE is the hard certification. It has value to the cert holder and their employer. Those numbers always hover at roughly the same level year after year. When I say numbers I mean people taking the Vue pre-practical exam, people going to the practical labs, people passing the labs and people not passing those labs. But to support CCIE Cisco offers just one course at their Live user conferences around the world.

    Please don't make the CompTIA exams harder. If anything we should all work to make the CompTIA certifications more relevant.

    I worked for a year as part of a NICE working group on helping HR professionals better understand our tech so they could write better job descriptions and conduct better interviews. Lots of work could be done there with academic advisors, job placement people and more HR folks.

    In the meantime I try to counsel my students on how to present their certification knowledge at interviews. Don't just say you have a certification. Talk intelligently about a few of the things you learned while pursuing the certification. Continue that education and talk about that.

    Finally, as a former Novell instructor (CNI 1988-1998) we all have to realize that tech changes and there will always be a need for folks like us that can help educate folks on new and changing tech. And some tech will just fade away.