Are certifications worth it?

I have just been on RedHat SA 3 training course (4 days) and sat exams EX200 (RHCSA) and EX300 (RHCE)

The daft thing was that politics meant I wasn't allowed to take courses SA 1 or 2. So I learnt about stuff I would never use (SELinux; iSCSI; NFS Kerberos encrypted with user specific access rules etc.) and then took the exams.

Somehow I passed RHCSA for the course I didn't do, even though I didn't know a few big chunks so would score zero for those sections. Sadly I failed on RHCE because there's too much to remember about irrelevant stuff that I would never dream of using and it all seems a bit over contrived.

Given that the exams marks if you can pass the exam rather than how you perform in a real job, what do people think of it's value? It might look good to management and help get an interview, but as someone not looking to move, ........ ?

Just wondering, :rolleyes:
Robin

Hi Robin,
I never had the chance to take an exam as if I were it would be on my spare time and money ( I dont have as kids cost a lot our days...) The only exams I passed were for my diploma and then I was student without a Job ( but hoping with a Federal IT diploma I would then find easily...)
IMHO certification is a must for someone beginning in IT or for a junior wishing to escape his present situation for better, but for someone that is not in services ( lients want to see you have the latest...) you know like me the content reflect only partially the real IT world.. and so we have knowledge that cant be learned and a lot of what you learn there is of no use for our Dept...
So I can only agree with you...

Best regards
Vic

I got the RHCE for RHEL 6 a few years ago and remember it being full of useless guff, such as configuring SAMBA users as well as users for other services, as well as iSCSI, etc. that you mention, none of which I've ever used (so, of course, have forgotten - it's hard to commit such rubbish to memory!).

And, while I've studied for the RHEL 7 RHCE haven't taken the exam yet, because it's expensive and full of much the same useless stuff.

It's probably good to learn a lot of the other, more useful stuff, just for your own knowledge, but I really don't think it's worth the effort, time or money to do all that's necessary for the exam (unless someone else is paying for it).

Probably looks good on the CV, but that's about it, IMO.

Hello rbatte1,

I NEVER discourage anyone from doing learning(by any good way). Personally I believe in this:

Thanks,
R. Singh

All depends on your customers.
Your current customers recognize your reputation gained in your past work - but what about new customers?
An objective and comparible certification in your CV puts you first.

It's becoming harder and harder to have "general" knowledge about Linux as distros become more specialized, Windows-like, and sundered from each other.

They do look good, but the quality really depends of the person effort later on.

If you just take class, followed by exam (full of useless stuff as you folks say)
and never use the knowledge, it is useless and will vaporize over time.

Of course, good things can be heard from a great teacher.
But they are not always so great..

You mentioned kerberized nfs, iscsi, selinux.
Those are actually great techs and great to know.
The world will insist more on those things as time progresses.

As for ISCSI, i find it a great cheap learning/education tool for virtual clusters on work/home PC for disk backend.

Regards
Peasant.

Unity, dbus, pulseaudio, systemd, featurism, dependency hell, ego-driven development, ...
I really start to like BSD and Solaris.

Thanks for such quick responses from so many. I agree that leaning is generally a good thing, it's just should I bother re-taking the exams? I'm not after a CV builder, especially at my age :o

I might take it again for personal pride. I was very much a "rabbit in the headlights" for the exams, especially given that I didn't know before Monday morning that there was RHCSA Friday morning and RHCE in the afternoon, so no prep-work and I hadn't done the course for RHCSA :rolleyes:

At least I kept making sure that may machine booted and the changes I built up were persistent. There are many stories of people scoring zero because there was a fault somewhere that stopped the server boot, e.g. a duff NFS mount.

The big thing is that it's not multiple choice, but actually delivering things that just seem irrelevant to everywhere I've ever worked and you have to remember enough so you read the right man pages without wasting too much time - oh and you have to crack into the OS and set the root password, which is a different process from RHEL6 and before. They only mention it briefly, miss it and you are doomed

Kind regards,
Robin

i work with AIX, therefore my clients are always big companies (mostly banks) with big datacentres. I have none of these fancy certifications*) but i have a project record going back more than 30 years.

Would i (or, rather my business) profit from having all these certifications? I don't think so, but i have provable experience compensating for this. I suspect that for younger colleagues the situation is different.

Personally i think this certification industry is helping nobody except themselves. Instead of finding out if (and further certifying that) a person is capable of doing certain tasks the tests simply question factual knowlege. Now, suppose you are ill and need a doctor: would you want one who can name every bone in your body correctly, but has no idea about "therapy" or one who knows how to cure patients but has to look up the name of some bones in case they are involved? A person who can name all binaries in /usr/bin without error does not necessarily have the knowledge about how to use these to achieve a certain goal - and even if he does he might not have the wisdom (read: experience) to distinguish between a good solution and a bad one. **)

Certification testing, if it should really mean something, should be done in the same way academic testing is done: you get a problem description, create a solution for it and an expert or team of experts judge what you have done. They do not give you some multiple choice tests and after testing positive on 30 of these you are a physician. Of course, this would mean that the certification business would be a lot less profitable than it is now, because it would involve actual work on the part of the certifiers. But as their intent (like any capitalistic business) is not to deliver the best possible work but to make as much money as possible this has no realistic chance of becoming reality.

bakunin

________
*) actually this is not entirely true: i once was a certified MCSE ("Minesweeper Consultant & Solitaire Expert") because of a bet between me and a colleague from the Windows team. I was decertified 2002 because of prolongued disinterest in getting re-certified on my part. And i am still in business despite Microsoft writing me a letter which pictured my professional future without the certification in very dark colours.

**) the distinction is not good solutions work, bad ones don't because things that don't work are not solutions at all. A good solutions works AND is easy to maintain, well structured, uses the least possible resources, etc., etc. - a bad solution is a working kludge.

Hi,

I have no Linux/UNIX certifications, though I do have a degree in Computing Science. The funny thing is that the degree basically turned out to be useless, for me anyway. I realised very early on that what I wanted to do was sysadmin rather than dev work, and a comp sci degree in the 1990s was purely focussed on hardware and software engineering. The landscape for University-level sysadmin stuff is far better now, but was nonexistent then.

What I did learn from though was the part-time job I had while at Uni, which was doing weekend and evening customer support for a small local Internet Service Provider. The guy who started the company had a DEC background, so most of the Web, e-mail and FTP kit were VAXen running VMS, with a smattering of MIPS boxes running Ultrix for NNTP and a few SPARCstations for RADIUS authentication. So it was a really great place to pick up the basics of all kinds of things. And it was what I learned there that got me my first proper full-time sysadmin job rather than the degree, no question.

As it happens I too had an MS certification forced upon me - I had to get an MCP in Windows Server 2003 ten years ago so that our company had its quota of certified staff for its Gold Partner certification. My job had for years involved a pretty even mix of *nix and Windows senior sysadmin work, which is why I was one of the people picked to go and sit the exam for the thing since the outcome was pretty much a foregone conclusion. I can't say my MCP was totally useless to me though - I ended up keeping the little laminated proof-of-MCP card in our car, so my wife could use it to scrape ice off the windscreen on cold mornings.

So personally, I value experience first and foremost, and any certifications, degrees or other qualifications come second. If two candidates were both sitting at the top of the pile then the certifications could be a decider in a tie-break, certainly. But for me, it's all about the experience rather than the paperwork.

My long standing and constantly reenforced view is that certifications are basically worthless and certification companies are mostly just money making machines, pure and simple.

For example, I was a well known Internet security expert long before I took the time to get my CISSP certification. But I thought (one day, a long time ago in a spacetime far far away), hey! I'll sit for the CISSP exam so I can put "CISSP" behind my name and hang out with CISSPs.... haha

Honestly, I enjoyed studying for the exams and when I finally sat for the exams, I finished hours ahead of schedule to my surprise. I passed the entire CISSP battery of exams with flying colors and proudly flew the CISSP flag after my name for many years. For a year I was a featured ISC2 blogger on their site.

Then, I noticed that almost every CISSP I met had almost no operational experience, only textbook knowledge. I noticed that the world was pregnant with "certified experts" without any true operational experience against a real cyberattack and no general data center operational experience. Most of the certified people whom I started to associate with were "cybersecurity or IT arm chair quarterbacks" who talked such a great game but never had been on the field. This was amazing to me.

Then, I noticed that the organization that controls the CISSPs had a system of "professional credits" that were required every year to stay certified; and that much of these "continuing professional development credits" came from their commercial partners. For example, if you took a class from a partner of theirs, or you subscribed to a magazine (this is crazy!) in the "recommended magazines", you could get "credit" to keep your CISSP!

However, if you wrote a bunch of great blog posts about actual real experience defending the real world against real cyberattacks, or published a paper in a journal not directly associated, you got zero credit. In other words, the CISSP "system" turned out to be a kind of commercial enterprise which churned out a lot of unqualified, but certified people.

I finally just gave up on my CISSP cert because it was useless and a kind of a farce; as the more CISSPs I met, the more I met people who had a lot of book knowledge about cybersecurity but most, I would say 90 to 95% or higher, had no true hands on operational experience defending high value networks. Most had never even done any system admin on a critical server!

My advice has always been to get hands-on experience and stay hands-on and operational. If you are too inexperienced to get hired, then create your own project (be a doer, not a talker) or join a open source effort (volunteer and contribute); write code, write code, etc. Do sys admin. Never become an arm chair quarterback who claims to be an expert because they got certified.

On the other hand, I enjoyed all my studies when I prepped for my CISSP exam; and I did learn a few good things from my exam prep time; but only because I had many years of hands on operational experience to validate and apply the theory too. I have met a few CISSPs who were "operational" and great people (few and far between, however).

I can name very few people with hands on operational experience compared to the multitude of certified people who have ever worked in a data center or been a sys admin of critical infrastructure (but claim to be experts).

In closing, Certs are "OK"... if you want to do them; but nothing is more important than continued hands on experience at the system level, learning new skills, coding, writing solutions, building and securing systems.

In my very biased view, 100 certs are less valuable than a few years of hands on system level (admin / system programming) experience with mission critical IT infrastructure.

Cheers!

I agree with most of the sentiment already expressed so I'll keep this post as brief as possible. My history is in technology company ownership; corporate I.T. Systems supply and support, storage specialisation, and biometric security systems.

Certifications (or 'tickets' as I call them) are great to augment a university or college qualification as it shows motivation to specialise and improve. However, it will only help you get your first (trainee) job. Your first employment will be the main consideration for your second employment, not your tickets. When I was interviewing candidates, hard experience would always beat tickets; no contest whatsoever. A guy who'd run a support centre for 3 years but had no tickets and been made redundant through no fault of his own would win hands down against a rookie with tickets. Also, as we all know, a lot of the stuff you have to learn on these courses you will never use again.

We had a trainee here, who'd accomplished some Cisco Certification (done via internet as it revealed later). Don't know exactly what it was. But she somehow managed to not even know how IPv4 works.

I read some offers here and there in the internet:" If you take our premium support offer you always get serviced by an >> LPIC Level 3 certified senior system administrator <<".

Especially the LPI Exams cost a lot of money if you want to keep them especially at a higher level. After 5 years you have to recertify.

Perhaps the real problem (which would be worth its own thread but also relates here) is that modern IT business is not about function or achievement but only about compliance.

Here is an example of what i mean: i am part of a "security OS hardening" work group and we define the (securitywise) measures to be taken on a newly installed system to make it "secure". So far, so OK. We are presented a suggested list of measures to be taken which someone compiled beforehand. Fine with me too.

Now i inspect this list and find the item:

• remove telnet client

and i ask how this is security-relevant. Yes, i can understand the server part and i can understand switching it off, but the client poses no security risk to the system at all. It might make sense to remove it anyways, because we want the least possible number of packages installed - but this is IMHO not a security-problem. No, i am told, perhaps i am right and it isn't, but because some list from the BSI ("Bundesamt f�r Sicherheit in der Informationstechnik", german authority for security in the IT) says so we need to remove it.

Now, i ask again how the existence of a client program poses a threat and am told: "maybe it doesn't but we need to be compliant". WTF?? If one wants to be compliant, then by all means, say so! Don't call it "security", because it isn't!

Certifications come, IMHO, from a similar way of thinking: don't do something to achieve a certain defined goal and measure progress/achievement by analysis of how much of the goal/achievement has been reached - do something because it is prescribed because this way you are "compliant" and if you in fact achieve your goal doesn't matter at all. If you want to go from "A" to "B" it doesn't matter if you actually reach "B" as long as you can prove to have bought all the prescribed tickets because some means of transportation is "compliant" and all others are not.

In terms of certifications: it doesn't matter if you can actually do something, it just matters that you are tested to be compliant (note: compliant, not competent) by a compliant procedure created by compliant experts.

Welcome to the new world where we sell horse manure in cones and call it ice cream - that is OK as long as we do our utmost to make sure it stinks the same every day.

bakunin

Hi,

Long time since I last posted here. 4 years actually.

Anyway, I now work on the Certification team at the Linux Foundation. We offer LFCS (LF Certified System Administrator) and LFCE (LF Certified Systems Engineer) certifications. We also offer specialised certifications, such as COA (OpenStack), CKA (Kubernetes) and CFCD (Cloud Foundry).

The LFCS and LFCE can be taken on your distribution of choice (well, CentOS 7, Ubuntu 16.04 and openSUSE Leap 43). The major benefit is that whilst these exams are skills-based, live exams, they can be taken from the comfort of your own home on any machine with Chrome, a browser plugin, and a webcam, as they are remotely proctored, and you interact via Gate One (a browser-based terminal emulator).

Some of the competencies you complain about are in our exam competencies. These competencies are decided upon by a panel of diverse experts from the industry, of which I am a member. These are based upon the skills that are required in the modern environment, based upon extensive research in the industry.

Whilst the few people in this thread may not use SAMBA, iSCSI or Kerberos, there are a lot of people that do, and they are still relevant skills to possess. If you want to be certified as a Linux generalist, you should know how to do these things. If you didn't, there'd need to be specialised tracks to cater for employers looking for specific skills. Kerberos is rampant - FreeIPA for example - which I see in a great deal of places. Employers need to know that prospective employees have this core skillset.

Our exams are constantly reviewed, and updated as needed, in line with the ever-changing environment we find ourselves in. For example, we are actually refreshing LFCS and LFCE, due for release early next year (I am tech lead on that project, as well as COA and CKA).

Please note, I'm not trying to sell anything here, we are a not-for-profit organisation anyway.

Cheers
ZB

What is the webcam for?

So they can make sure you're not looking in books, using crib notes, talking to people, using a phone, etc.

The screen is also shared (hence the browser plugin), so that your browsing session is monitored.

The entire exam session is also fully recorded, and can be played back later if any dispute arises.

First off: great to see you again! Welcome back! I would really appreciate to see you more often here.

This is actually not what i am complaining about in the modern certifications (i don't know the ones your organisation offers, so what i mean here is the likes of MCSE, CCE, CATE, etc. and yours might be different). What i am complaining about is the way these tests are designed: suppose you want to know if someone is proficient with, say, file system design. What the common tests do is to find out if the candidate knows every one of the 37 ls -commandline options.

Now, i ask you: regardless of knowing or not knowing these 37 commandline options: in real life the problem might be a broken hard disk, which needs to be rescued: companies like Ontrack can copy the data to another (working) disk, but are you able to reconstruct the content of the bad block so that the disk is readable again? Actually a colleague of mine and me did this once for an AIX disk, using dd and awk to reconstruct the FS metadata. It was not only factual knowledge: it was factual knowledge along with the imagination about how to apply that and the experience which told us how to approach such a problem in the first place.

Another example: take "knowledge of LDAP". It is all well and fine to know about the protocol and the tools and procedures, etc.. But this will only help you to create a badly designed LDAP domain if you haven't learned the ("intrinsic") knowledge of what sets apart a good from a bad design. Such knowledge ideally comes from experience: yours, when you do it and the experience of a "mentor" (doesn't matter how you call him) who guides you around possible pitfalls and passes to you what he has learned from his failures. All these latter mentioned things will not be tested by some multiple choice tests like "name the 3 methods of ...." a), b), c), d), e).

A "test" which would indeed test the worthiness of an expert (and not just how good he is qualified as man page) would include giving real-world-(like-)problems to people and judge the solutions they come up with, just like it is done at the academical level: get a theme, write a thesis, then defend it before peers. If someone wants to become a physician he has to do some multiple choice tests too - but ultimately he is given a corpse and has to show that he has what it takes to operate on people. And the task is not "name every tissue you see" but "do a [put your favourite operation here]".

I would be glad to see certifications be worth something: if a person sports an "MD" after his name i know i can trust him to treat me if i'm ill (well, granted, there are better and worse ones). I'd like to see all sorts of certifications giving me the same level of trust about whatever the area of expertise is that is certified.

But again, this is just a pipedream of an ageing hippie, unfit for modern business.....

bakunin

Certificates are good, to balance off weakness (or limited/no) job experience. However, at a certain point, the Certificate is meaningless (ok, maybe some meaning) once your work experience reaches a specific level.
For every job category and employer, these are different.

For real life example, I went thru the HP Unix training suite and completed 7 programs twenty years ago (including Introduction to Unix Scripting). At this point, some/most of those certificates would mean nothing to prospective job in comparison to what I have done in the following 20 years.

So, yes good. To a point.