[BSDcert] Initial thoughts

Tillman Hodgson tillman at seekingfire.com
Sun Dec 19 11:17:02 EST 2004 

On Sun, Dec 19, 2004 at 02:12:55AM -0500, G. Rosamond wrote:
> Of course some method of testing would be included.  SANS, eg, has 2 
> three hour online exams open book at home, plus a written practical.  I 
> personally like the practical as it would allow us to have the cert 
> provide more BSD documentation.

I've done the SANS GIAC cert path, and it's definitely a harder cert to
obtain than many of the "test only" certs. I think it also made their
initial ramp-up of the cert a bit easier: they didn't have to focus on
creating a large body of questions right off the bat.

OTOH, they require a fairly large ongoing body of written practical
markers. In many ways this is almost like a mentor program, except that
the student pays for it and the mentorship only consists of a decent
critique of their work ;-)

Maintaining and compensating that body of markers is an organizational
issue that'll need solving.

> If we were to look at live, closed book exams, we could work with a 
> handful of private institutes, like Dru's firm, in selected cities.  If 
> we hit major cities such as NYC, LA, Chicago, Toronto, etc., it could 
> work for the initial stage.

That doesn't work well for folks like me. I'd still support any effort
to create a BSD cert, I just wouldn't be able to actually /take/ it.

> >Dedicated resources will be required, and those resources should be
> >'long lived'.  We want this certification program to last for many
> >years, not just one or two.

I think this is where the business plan idea comes into play.
Alternatively, a corporate sponsor could be found to handle those sorts
of issues (dedicated resources, brand name recognition, continuity over
many years, etc).

> >Sounds like a solid business plan for this effort (and sponsoring
> >organization) is required.
> 
> more like organizations. . . into a committee, IMO.

When I set up SaskCIRT (at http://www.cirt.sk.ca/, the idea is modelled
after CERT), I worked with a lawyer on governance models. There was two
possibilities worth examining:

* Have SaskCIRT exist as an independent non-profit corporation (and
  then figure out how to handle funding, resourcing, etc)

* Have SaskCIRT not really exist. Instead, have a set of agreements
  being all the member corporations (NDAs, governance agreements, etc)
  and make it a form of corporate partnership.

We eventually settled on the partnership model because it let us avoid
the whole issue of money and maintaining a seperate organization. There
was also local precedent: a similar set of agreements had recently been
used for a "change your address at all the following utility companies
*at once*" website project. 18 of those organizations were also involved
in SaskCIRT, so the organizations were "mentally prepared" for what I
was trying to set up.

It still took 18 months get everything signed and in place. And that was
rabidly excited internal heroes in each organzation, and a push from the
provincial government helping out.

So the moral of my story is ... err ... oh yeah! Inter-organizational
committees that need to spend money aren't really committees. They're
either independent organizations (with a set of corporate members) that
need a business plan, _or_ it's a virtual organization that exists in
the set of agreements between the member organizations ... and it'll
have a harder time decided /who/ spends money.

> >"Curriculum"
> >
> >This topic will undoubtedly receive the most scrutiny.? What is
> >unique to BSD?? What are the key differences from other Unix or
> >Unix-like certs, such as Sun or Linux?  What topics are common to
> >them?? And the big question - How do we define a BSD certification
> >that covers all well-known flavors?
> 
> Right. . . that's what I was thinking about also.  Some will obviously
> be general Unix, some will be BSD general, some parts will be project
> specific, some application specific.

A thought occurred to me: LPI has done a lot of work on the "any flavour
of Linux, and most flavours of Unix" basic cert idea. Commercial vendors
also tend to provide basic certs for their flavours.

Why not piggy-back? Require someone to hold "one of the following basic
Unix certs", and then have a cert that covers _only_ BSD specific stuff.

It has the attraction of being easier to ramp-up, prevents re-inventing
the wheel, and has a strong BSD focus. It has the downside of appearing
less "full bodied" in taste (so to speak) and doesn't give us control
over the content of the basic Unix cert component.

> >"Marketing"
> >
> >Any BSD certification will require extensive marketing from/with the
> >sponsoring organization.? "More is better" in this area.? BSD is not
> >as well known which presents a both an opportunity and a challenge.?
> >The opportunity is 'newness'- news organizations and publications
> >will initially give press to it, simply because it is new.? The
> >challenge will be to maintain momentum over the long months and years
> >after the initial blush fades.

The written practical might help out here. If everytime someone googles
for information on X, they run across a paper on the BSD Cert web site
describing how to do X on BSD ... well, there'd be some easy dots to
connect there. It's definitely worked that way for the SANS folks.

The piggy-back idea also addresses this to a certain extent. As a hiring
manager, I would understand "LPI level 1 plus BSD certification" or "AIX
basic admin plus BSD certification".

Some basic studies into who the target cert holder is, how many of them
there are, and where they are will be needed at some point.

-T


-- 
"Information's pretty thin stuff unless mixed with experience."
    -- Clarence Day

More information about the BSDCert mailing list