Ethical Question

Discussion in 'Security+' started by dbsgv650, Jan 14, 2012.

  1. dbsgv650

    dbsgv650 New Member

    4
    0
    1
    I am the IAM for my organization and one of my duties is to see that the IT folks get their certifications. I hired a training company to conduct a Security+ review/bootcamp at our site and they hired an independent contractor to come to our site and conduct the training and proctor the CompTIA exam. After people started coming out of the exam, I was surprised at the very high scores (the lowest I saw was 850) despite a complete lack of confidence going in and the comments that many of their review questions from in the class were word-for-word the same as questions on the exam. All 13 who took the exam pass easily and many are not really network or security proficient.

    I've looked at the questions (distributed via .PDF files) and pretty much traced them to TestKill.com. I can't determine if this is a brain dump but it certainly appears to be - and I can't be absolutely sure that this was the originator.

    The students did nothing wrong but I'm questioning the integrity of the instructor - and maybe he wasn't really aware of possible wrongdoing either.

    Should I pursue this further, possibly invalidating a bunch of certs, certainly making my popularity in the office plummet, and causing additional expense.

    Thanks for any advice. This is tearing me up pretty bad.

    D
     
  2. JonnyMX

    JonnyMX Petabyte Poster

    5,257
    220
    236
    That's always going to be tricky.
    Is this an ethical question?
    If so, cheating is wrong and you should report the training company.
    On the other hand, if you don't care about ethics (or it isn't your place to decide) then is the only consideration how many of your staff have a cert?
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  3. soundian

    soundian Gigabyte Poster

    1,460
    71
    107
    That's a whole nest of wasps right there.
    Personally, I would restrain myself form whistle-blowing this proctor/tutor to CompTIA. Although you have no concrete proof CompTIA might be able to dig some up, then you've got a whole lot of pi$$ed of people at work to deal with when CompTIA invalidate their certs.
    Your line manager certainly needs to know about this. The training company who hired this guy need to know about this. The contractor in question is obviously very bad at his job. He either knows this and uses braindumps to boost his pass rate, or he is so ignorant he doesn't even realise he's using braindumps. Either way, not someone I would want to employ as a tutor or a proctor, and I'm sure the training provider will see it the same way.
     
    Certifications: A+, N+,MCDST,MCTS(680), MCP(270, 271, 272), ITILv3F, CCENT
    WIP: Knuckling down at my new job
  4. JonnyMX

    JonnyMX Petabyte Poster

    5,257
    220
    236
    Nest of wasps indeed.
    Ethics are all well and good - I met someone who had some once.

    On reflection, ethics aside (in terms of cheating), the question I would ask is 'did the instructor deliver what I paid him to deliver?'

    By that, I mean if your sole motivation was to get your staff certified, then he's done what you wanted him to (although I'm not condoning his methods). However, if you wanted him to give your staff network/security skills and they haven't actually learned anything of value - then I would have an issue with the service that has been provided. As we have said so many times here, certification is (unfortunately) not the same as knowledge and experience.

    I'm not sure if I've worded that terribly well, but hopefully people will understand what I'm getting at...
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  5. dbsgv650

    dbsgv650 New Member

    4
    0
    1
    I've never been a fan of certifications precisely for this reason - they really aren't very accurate in indicating how much someone knows - so I guess at a minimum we have met the higher level authority. With the competition among training companies maybe this is a common means of looking good for potential customers. Really how else could they guarantee 95+% pass rates. Part of my thoughts on this is that I worked pretty hard on getting my Sec+ (and class/test was done the right way) and now everyone has it so now our department head (who isn't required to get it) thinks that this cert is a breeze.
     
  6. JonnyMX

    JonnyMX Petabyte Poster

    5,257
    220
    236
    Absolutely right.

    Again, not condoning it, but companies are looking for trainers that can get employees certified quickly and with a guaranteed chance of passing. How else are they supposed to do it? There is no way in hell that you will get a no-nothing to pass A+ inside a week without giving them the answers to the exam.

    Sad but true.

    It's a problem related to statistics, metrics and goals. Unfortunately so many companies try to meet 'partnership' goals so are required to have so many employees who are 'certified' by such a vendor or in such a technology. As we all know, that isn't the same as actually having so many employees who actually know what they are talking about.

    The irony for me is that the likes of Microsoft specify that in order to qualify to partner with them you need to have a certain number of certified individuals, then they don't expect that to motivate that company to cheat in order to meet that requirement with the minimum of hassle. It's human nature.

    We live in a car-crash world. It would be so nice if we could just hire people that had the skills we need and then invest in a development program that built them up and gave them new skills, rather than just more bits of paper that make it look as if they can do something that they can't. Who is that supposed to help?
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  7. dbsgv650

    dbsgv650 New Member

    4
    0
    1
    I wrote CompTIA and asked them about it and didn't get a reply so maybe they don't care. As long as they get their testing/renewal fees they're fine with it.

    I think it is sad. Pay your money - get a cert - and no one really cares.
     
  8. JonnyMX

    JonnyMX Petabyte Poster

    5,257
    220
    236
    Absolutely right.
    Nature of the beast.

    On the one hand certification vendors don't want a load of people certified in their products who don't know what they're doing.
    On the other, you certify with them, you pay your exam fees, you use/promote their products, you wear their t-shirt...

    How hard are they look at de-certifying people?
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  9. dbsgv650

    dbsgv650 New Member

    4
    0
    1
    You worded that very well. Bottom line, I need to find out from the higher ups if the goal is to get certifications or if it is to make sure the IT staff is trained and qualified. I sent the study material off generically to CompTIA and they responded back today that the study materials that were used were a brain dump and that they shouldn't be used. They also wanted to know where I got it (if they find out who I am, can they invalidate my cert????? - although I'm sure if they wanted to, they could find me)

    I guess my 'bosses boss' will determine the next step.

    And since I still need my CISSP, if they don't care how I get it, should I?
     
    Last edited: Jan 20, 2012
  10. JonnyMX

    JonnyMX Petabyte Poster

    5,257
    220
    236
    This is the nest of wasps bit.
    Yes, I suppose they could track you down if they wanted to, depending on the info you provided when you registered for your exam.
    Then what?
    You tell them that you didn't use the dumps yourself and see if they believe you?
    What if they ask for details of your company and the company that provided the training?

    I hate this sort of thing because ethically you did the right thing, the thing we're all told to do.
    Unfortunately what you've done is land yourself in a heap of grief and are left with the responsibility of how many others you drag in with you. Yikes.

    Really you can only worry about yourself, not everyone else. When you say 'if they don't care how I got it, should I?' absolutely - you're the only one who should care. It's like making cash by mugging old grannies. If you don't get caught, is it bad? Of course.

    You need to be able to look in the mirror and say 'I am CISSP certified' and be comfortable with it.
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.