Certification Bazaar: The Ugly Side

The certification bazaar has taken off in the Indian IT industry. Courses range from PMI’s PMP and OGC’s PRINCE2 and ITIL to COBIT, TOGAF and BPM.

Purveyors of these courses charge you an arm and a leg; certifications and their maintenance will in all probability cost you another arm and a leg. Do you wish to put down that kind of money with the possibility of little or no return on your investment?

Horror stories of how folks are certified but have no opportunity to practise abound, but at least in some cases, employers are willing to foot the bill to retain the certified hordes. Yet others do not have the said luxury. Would you re-certify yourself if you had to pay from your own pocket?

Marketing emails sniff out an inkling of a need or a requirement. The tactics could be termed innovative or (if you wish to be critical) they smack of desperation.

Courses and their faculty seem to be disjoint and disparate from the industry and reality.

It’s a chicken and egg situation. Should you certify and then gain experience on the same? Or gain experience first and then have yourself certified?

What do you think?


The other bugbear in the Indian IT industry is not sexism, as you would like to believe, but ageism.

The lack of seasoned professionals in the industry and the predominance of young professionals are the cause of this malaise.

Churlish behaviour of the young ‘uns only reinforces the impression.

Just another ugly facet of the celebrated success story.


Quote of the day:
Whatever you do will be insignificant, but it is very important that you do it. – Mahatma Gandhi

Doosra: The life and times of an Indian

Architecture – Understanding the criteria – II


Continuing with Understanding the criteria….


When we refer to IT security, we usually look at access management i.e. authentication and authorization.

Authentication simply means verifying that you are who you say you are. It is also referred to as identity management.

Authorization asks whether you are authorized to use the given service / application / system, i.e. are you allowed access? Do you have the rights to use the resource? Authorization is usually a group / role specific policy. Rarely is authorization set at the individual level. Authorization can also be implemented, in a charging system, as a check on whether you have the credits to be allowed to use the resource. This, of course, would be at the level of the individual or an entity such as an organization. Examples of this would be encountered in a utility computing model, say cloud computing, or even for mobile phone services. In the latter, the services are degraded once the credit limit is reached and are restored once the customer tops up his account with the required minimum amount. Authorization is also referred to as access management.

A robust access management system includes verifying identity and entitlement, granting access to services, logging and tracking access, and removing or modifying rights when status or roles change.
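The sketch below is an added example, not code from the original post. It puts the pieces described above into one small access manager: authentication, role-level authorization, credit-based authorization with degradation and top-up, an audit log, and rights that change when roles change. All names (`AccessManager`, `ROLE_POLICY`, the role and action strings) are assumptions made for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

# Constructed role-to-permission policy: rights attach to roles, not individuals.
ROLE_POLICY = {"csr": {"view_account"}, "supervisor": {"view_account", "adjust_bill"}}

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    roles: set = field(default_factory=set)
    credits: int = 0          # prepaid balance for metered services

class AccessManager:
    def __init__(self):
        self.users, self.audit = {}, []   # audit entries: (user, action, outcome)

    def enroll(self, name, password, roles, credits=0):
        salt = os.urandom(16)
        self.users[name] = User(name, salt, _hash(password, salt), set(roles), credits)

    def set_roles(self, name, roles):
        # Rights follow the role: a transfer or exit changes access immediately.
        self.users[name].roles = set(roles)
        self.audit.append((name, "set_roles", ",".join(sorted(roles)) or "none"))

    def top_up(self, name, amount):
        self.users[name].credits += amount
        self.audit.append((name, "top_up", str(amount)))

    def request(self, name, password, action, cost=0):
        outcome = self._decide(self.users.get(name), password, action, cost)
        self.audit.append((name, action, outcome))   # log grants and refusals alike
        return outcome

    def _decide(self, user, password, action, cost):
        # Authentication: is the caller who they claim to be?
        if user is None or not hmac.compare_digest(user.pw_hash, _hash(password, user.salt)):
            return "denied:authentication"
        # Authorization, role level: does any of the user's roles grant the action?
        if not any(action in ROLE_POLICY.get(r, ()) for r in user.roles):
            return "denied:authorization"
        # Authorization, individual level: is there credit left for a metered action?
        if cost > user.credits:
            return "degraded:no_credit"
        user.credits -= cost
        return "granted"
```

Every decision, including refusals and role changes, lands in `audit`, which is the record a reviewer would use to track access over time.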

ITIL talks about information security as being effectively managed if

  • information is available and usable when required (availability)
  • information is observed by or disclosed to only those who have a right to know (confidentiality)
  • information is complete, accurate and protected against unauthorized modification (integrity)
  • business transactions, as well as information exchanges, can be trusted (authenticity and non-repudiation).

In cases where information is to be protected, cryptography is used, with methods such as symmetric encryption, Public Key Infrastructure (PKI) (asymmetric encryption algorithms) and digital signatures (which ensure non-repudiation). For more, read http://en.wikipedia.org/wiki/Public_key_encryption

A strategy referred to as ‘defense in depth’ is used to secure computer systems from outsider attack. Here, the premise is that even if the outer wall is breached, the inner sanctum is still secure. Getting through each layer is also time-consuming for the attacker, and in that time the breach may be detected and flagged by a good audit trail system.

You may be more familiar with this when building systems that access the internet and are accessible from it. Here, a Demilitarized Zone (DMZ) adds another layer of security to the firm’s LAN. For more see http://en.wikipedia.org/wiki/DMZ_(computing)


This is the most overlooked aspect of a solution / application. However clever your system may be, however ingenious the engineers developing the system, if the user does not find the application easy to use, then you have hit a brick wall. Resistance from the users can sound the death knell of any application. A good application should be intuitive to use and leverage existing habits of users. Forcing users to change their ingrained habits is always difficult. Especially with reference to transactional systems and customer facing applications, where responsiveness is key, a non-intuitive interface coupled with inadequate training on a new system can lead to frustrated users. In my experience, at British Telecom, when a GUI was introduced to the customer service representatives replacing the old mainframe UI, the sluggish responsiveness of the new UI led to experienced users switching over to the old system so that they could finish their quota of calls to be attended to. CSRs are very stressed individuals and you do not want a system to add to their discomfort.

These, in my opinion, are the most relevant criteria in evaluating an architecture. Their importance may vary from system to system. But a good and simple way of evaluating a software architecture is to assign a weight to each criterion and a value in the range 1 – 10 for each criterion. This will give you a rough and ready estimate as to how well your architecture stands up to scrutiny.

Have a good day!

To be continued ……
