back to article UK teen is world's youngest certified ethical hacker (maybe)

For as long as he can remember, Shane Kelly has taken a keen interest in taking things apart. When he was 11 and his family took delivery of its first PC, he promptly pulled off the cover and disassembled it, much to the chagrin of his parents. "They weren't too impressed at the time," Kelly, who is now 16, says. "But I put it …


This topic is closed for new posts.
  1. Joskyn Jones

    Boot Camp Chimps

    I'm always very wary about these so called "Certified Ethical Hackers". The qualification appears to effectively demonstrate that the "Show Monkey, Monkey Do" principle is still working as well as it has every done. Very much like it did with the Novell, Microsoft, etc courses where after a week of intense parrot style studying and little if any real world experience, you then become a fully 'Certified <Insert Vendor of your choice here> Professional'.... BOLLOCKS...!

    Don't get me wrong, the teenager who passed this course has done well, I know of some Monkeys who've actually failed the course.

    All the "ethical hackers" I know and work with would not touch these courses with a barge pole (although some have been known to go on them to ridicule and humiliate the course tutors) and most Security Professionals who need the services of Ethical Hackers know that experience is the key and any Monkey waving a 'pseudo qualification' is avoided like Microsoft Security (alleged) products :o)

    /Sunday morning moan

  2. rory alsop


    @Joskyn - totally agree; I organise training for my own organisation and a professional security body and I would far prefer it if bootcamps were removed from the equation entirely. This is why I like the CREST concept - the assault course means you really have to know your stuff in practice. Theory will help you, but without the hands on you will fail.

  3. cor


    Ah, but in the wonderful self-balancing world we live in, someone's gotta keep up with the script kiddies. The way things tend to work out, the professional experienced experts will be still counteracting the prof. experienced Black Hat hackers.

    Boot-camp-monkeys are an essential part of the IT cleansing system, with the rise in idiotic just-add-water brute force kiddy-scripts available to 12-year olds.

    I guess it's comparable to the real world necessity for doormen as well as MI5 spooks.

  4. Ishkandar

    To be fair to this young chap...

    ...he's done well for his age. More importantly still, he realises that there is still no substitute for hard experience.There are many, two or three times his age, who think that waving a piece of paper around "proves" that they know all there is to know about any particular subject !!

    My most unworthy, evil side takes great delight in shooting these paper-wavers down in flames !!

    Once again, well done, young man !!

  5. Anonymous Coward
    Thumb Down

    Useless Certification

    In my opinion this qualification is worthless. The course material is dated at best and flat-out wrong in many instances, some instructors know less than the candidates, and it is becoming horribly skewed towards MS products (because "nobody uses UNIX or Linux as a production server" apparently). You are taught to use a handful of tools and not expected to know why you are using them or what they are actually doing.

    You are not going to bag yourself a job on the back of this qualification, and if you do your employer is going to go bust tout de suite....

  6. Anonymous Coward
    Thumb Up

    @Sunday morning moaner...

    I still think it's better to have done the course & certification than not... at least he didn't do the 5 day boot camp only to pass it, that method only creates lab rats at best. More often braindumpers who don't justify nor deserve their certification status.

    I agree Show Monkey, Monkey Do could also be described of any certification, real work experience should matter most but I think certs should be there also to backup and broaden your knowledge. Don't even get me started on Computer Science degrees.

  7. Chris

    Its like the majority of course's

    I don't do Computer Science at Uni but i know more than a fair amount of IT students!

    But that could be said for anything, If you do buissiness degree, your rubbish at buissness essentially, Like anything if your naturally good at it you would never learn anything practical on the course.

    But of course in this world people wont believe you on experience so you have to get a degree.

    The main problem with IT is that its ever evolving and the biggest aspect is that you cant just teach people to 'do this and that' they have to think for them selfs and keep up to date.

  8. Anonymous Coward

    Courses are worth nowt

    I've been to many an interview where the prosepective empolyer actively avoids any candidat waving around a certification and no experience. They'll take the person with years of experience and no so called 'certification' each time. Most cases they'll even put you through the course just because HR demand it.

    That's just it anybody worth anything knows the course will teach you something yes. But unless you've got the experience to prove it, it's useless.

  9. Anonymous Coward
    IT Angle


    Aye matey. Also Ethical hacker - is that somebody who reads the documents with the tools before using them! Only real certs in the industry that realy carry weight require you to have X amount of years doing the job prior to even seeing the exam and there aint any bootcamps associated with them iirc either.

    Bootcamps are for multiple guess monkeys and I partialy blame M$ and there bad run on MSCE phase they went thru were they even let the monkeys pass (seen many certified over a certain period who had that christmas look in there eye just seeing a login screen - begging lack of familiarity).

    Now if the IT industry had a central respected certification body akin to acocuntants then, and only then would skilled people get paid what there worth.

    But heck he is 16 and he's going down the right paths and doing well so lets not poo poo the wee laddy just because he got a certification that people who know the job dont respect as there are many many monkey managers who do respect that shizzle.

    Welcome to the world of IT were the right gets wronged and the wrong get promoted :(.

  10. Phil Standen


    IT and Comp Sci are (obviously) different, moreover the quality of education varies immensely from institution to institution. I suspect that comparing the quality of Alumni from (say) Imperial College's Comp Sci MEng course with (again for argument's sake) Brighton University's BSc might highlight this.

    You are also not quite right about the degree being required, the IT industry is once of the few where 3 years of good quality professional experience counts for more than a good quality degree.

  11. call me scruffy

    Middle ground here.

    First of all, all credit to the guy for bothering to do it at all... even if it is just "ethical script kiddie".

    Secondly, there is an acheing gulf between "years spent in industry" and "experience". You only get "experience" if you realise that you've made a mistake and then LEARN from it. For example I've seen people with five years experience of "software engineering" who have written code with terrible resource complexity issues. I've pointed this out, to the reply that "only academics care about that shit", except "that shit" is the precise reason that the product sucks memory and takes hours to run!, with all their experience as a "leet VB engineer" they've never learnt! When I've shown them a faster version they've just sneered as if it's a parlour trick.

    In short provided this kid sits on the other side of the bench at Birmingham some time, and learns to THINK as well as DO, he'll go places.

  12. No One
    Gates Horns


    Cool another script kiddie, and wow this one has a piece paper...

  13. Chris Branch

    Good for him

    Good for him for doing something. Pity he didn't spend his time on more practical work like a 14 year old I know - but that'll come soon.

    The real question is, has he actually learnt anything other than this 'ethical hacking' business in this past year? They teach you all that stuff at school for a good reason y'know.

  14. Ian

    Is this all it takes nowadays?

    What a load of crap, why is this newsworthy? It reminds me of my cousing who was in all the papers for passing her Spanish GCSE at 13 whilst neglecting to mention she'd been living in spain for 8 years prior.

    When I was 15 I discovered a vulnerability whereby you could elevate your privalages by injecting code into a running process with higher privalages, I wasn't the first person to do so it was already a known issue in Windows but I didn't know this at the time and the point is that I discovered it without any outside help or influence. As such I hardly thing passing a certification like this is exactly impressive for someone his age and god only knows why it's newsworthy. In fact, going back further it's not as if it was uncommon for the early hackers and phreakers to be under the age of 16 now is it?

    I don't agree with the idea that all certifications and qualifications are worthless, I've been on some that are actually very good for example the Open University does a Web Applications Development certification and when I looked over a colleagues materials and work it really is fantastic quality. Similarly I think a lot of Comp. Sci. degrees are actually very good but people get them mixed up with IT degrees which really aren't worth shit. I personally think there's something very wrong with having both IT and Comp. Sci degrees, IT degrees are far far easier and far less useful and yet they result in the same qualification as a comp. sci. degree, that is, a BSc usually. I truly think IT degrees should be abolished and only Comp. Sci., Software Engineering and Project Management degrees should exist - IT essentially just takes the very easy first 6 month to a year materials from each of these areas and makes a degree out of it rather than every actually making students handle the harder stuff from either of the subjects.

    That's not to say there aren't shit comp. sci. degrees either, of course there are but not all comp. sci. degrees are that bad to be honest so outright writing them off is unfair. Anyone who gets a first class honours in a good comp sci degree will know their shit for sure, ironically more so than the people who say "Degrees, pah they're for idiots".

    I suppose to sum up my point, there are good qualifications and bad qualifications, similarly there are people who are qualified to write off qualifications as being shit and there are people who just write them off because they never actually got one themselves.

  15. matt


    A cert does not equal experience.

    I have been security testing for 4-5 years for proper ethical security companies and met a number of people with these so called "degrees" and "courses" under their belt. It becomes apparent very quickly that in fact they have no idea and believe its a tools paradise when it is not.

    This kid however is aware that he has no experience and instead of applying to Brum uni for IT work should be applying to pen-test companies to build experience.

    Crest and Check is the way forward.

    A company should be employing a security company with experience.


    M @ MRS Sec

  16. David


    Totally with you on the comment about most courses there. I know a huge chunk of people who have done or are doing MBAs who do them because they're then perceievd as being better as business, when most of them aren't learning anything because they've got the practical experience. On the other hand, I know people who learn a lot from them, but that's the minority

  17. Mike Green
    Thumb Down

    Degrees are useless...not

    A lot of people moaning here about the quality of degrees being not as good as experience, that's certainly true in a lot of cases, but equally true the other way around. I've met lots of 'experienced' people who've written badly optimized, barely comprehensible or maintainable code, even (probably mostly!) by them, because they didn't have the faintest clue about the theories of writing good code. Degrees aren't just about theory though, they do real world case studies. What's worse is when these 'experienced' people go on to teach others their bad habits.

  18. Anonymous Coward
    Anonymous Coward

    Well done!

    Now all you have to do is spend another 10 years doing security to be any good at it.

  19. John Benson
    Thumb Up

    Three cheers for certifications...

    ...and the people that love them.

    Certifications and degrees are really only worth what the student put into them, no more and no less. They may occasionally appear to have economic value out of proportion to a certain individual's effort expended in obtaining them, but eventually the disparity becomes evident and the truth will out.

    That said, I don't understand why all the fuss over someone earning a certification, teenager or not. The article did not allege that "any certified person is more qualified than all non-certified people" yet many posters went through the roof as if that had been the case.

    I think there is a definite place for certifications. I consider them at the very least a bona fide declaration of interest in a subject, and use them to hint at the fact that I'm not a one-trick pony. Although my stock-in-trade is mainframe programming, I went on a certification binge a few years ago and racked up 5 CompTIAs (A+, Server+, Network+, i-Net+ and e-Biz+), a CIW Associate and 3 WebSpheres (Application Server 5.0, Portal Server 5.0 and WSAD Associate Developer) to complement my HP Mission Critical Developer mainframe title. I'm out about $1000 in books and exam fees for the CompTIAs and CIW Associate but spent no money on the WebSpheres: I got the travel expenses, bootcamps and exams for free by being in the right place at the right time. Except for the WebSpheres, I figured "Hey, I know most of this stuff" so collecting the certs was largely a pleasurable experience except for having to temporarily memorize IRQs, DMAs and detailed technical characteristics of early SCSI standards.

    Although my CompTIAs and CIW Associate credentials are the most basic possible, they do show that I've had my hand in micros and web technology besides slinging C and COBOL for a living. If I crack a computer case at work and someone looks at me cross-eyed, I can cite my basic A+ and Server+ technical credentials ("It's alright, I'm a doctor..."). If Desktop Support is about to do something questionable to my PC, I'll begin a sentence with "I know I'm only an A+, but...". This usually gets a laugh because most of them are Microsoft Certified Professionals or higher.

    Bottom line: credentials of various types document that I have skills in these other areas that don't appear in the recitation of work experience.

    And that's not all: I'm planning on going on another tear and certifying in Linux, PHP and MySQL. No boot camps, just books, playing around with the technologies, sweating a few exams and then feeling good about passing.

    And before taking any pot-shots, just ask yourself if you would feel comfortable in the office of a doctor with no diplomas on the wall.

  20. Damian Gabriel Moran

    You know experience counts, I know experience counts...

    but tell that to the HR departments that solidly believe a piece of paper saying you can do something is more important than years spent actually doing it.

  21. Igor Mozolevsky

    RE: Three cheers for certifications...

    > And before taking any pot-shots, just ask yourself if you would feel comfortable in the office of a doctor with no diplomas on the wall.

    AFAIK, the doctors have to have a significant amount of hands-on practice before they're let loose into the world on their own... I definitely would not feel comfortable with a doctor who had a diploma in reading a selection of books on anatomy and tinkering with corpses... Don't even know if someone like that would even be allowed to perform and autopsy...

  22. Hugh_Pym

    A lot of bitter people here

    So. It appears that professional qualifications count for nothing because they are just bits of paper. Experience doesn't count for anything because it just means you did something, not did something well. Manufacturer specified qualifications are just a way of promoting products and, if you take the overall view, Everybody thinks everybody else is crap only they 'really' know.

    No wonder we have difficulty in being taken seriously as an industry. maybe there should be a professional body to oversee the qualification of IT/computer industry professionals. After to paraphrase John Benson. 'Would you trust a doctor who qualified at the Saint Regis University or who has a diploma from Pfizer or even worse the from the university of life?'

  23. Anonymous Coward
    Anonymous Coward

    Qualifications are quantifiable

    Experience isn't.

    If you say you have 6 years experience of hardware coding operational device drivers in Windows 2008 Advanced Server, then you actually might have. Or you might not.

    However if you have a piece of paper you have a piece of paper and you can prove it.

    Anyway, if you are really *that* experienced in a subject then it should really be trivial for you to pass the exam and gain the piece of paper to go with your 85 years hands-on expertise.

  24. Vic
    Paris Hilton

    I think we might be missing the point.

    About newsworthiness, hell who knows. About bits of paper, they're worth absolutely peanuts in the real world. That stretches from th'owd O levels all the way up to every other bit of toilet roll you acquire on your way through life.

    But the point of getting bits of paper is to prove that you can, that you're vaguely capable of this kind of stuff. Otherwise how does the poor monkey in HR tell the difference between a 16 year old who claims to have spent the last 5 years being an ethical hacker and knows everything (actually what he means was he nicked his mum's email password and has been reading her stuff) and a kid who genuinely does know their stuff?

    You've got to remember that HR aren't subject specialists. In the case of a couple of companies I've worked for, HR aren't even HR specialists but that's another story. They've got to have some kind of screening mechanism to try and minimise their effups.

    The bloke is 16, I think we should give him some credit. If a 16 year old gets a diploma in something it's usually pretty cool and took some general brightness. Usually. Maybe. Sometimes.

    Paris don't need toilet roll though.

  25. John Foo

    it's not because is young that he's automagically a SK

    hey this kid reminds me someone. me.

    started coding very early (4) with the C64 my uncle gave me after i disemboweled one of is boxen (was working as a CS consultant at that time, and he had access to *incredible* hardware), and had a linux installed in 1992. hell yeah i'm 23.

    for many people , this kind of early acquisition is often viewed at best as laughable weirdness, or worse, plain bullshit.

    but for fsck sake ! anybody who have been in the situation of presumably not having any skills, in any field, for the mere reason they're "too young" are eager to prove they just *can*. i don't really know how it is here in good ol' albion, but on the other side of the channel, RH are tempted to trust *only* your diplomas (may you have 20+ years doing precisely *this* job) and i kept until recently hearing "no, you can't know what you are saying you know", and that from people *who don't even the start of a clue*. not fitting in the-little-case isn't good.

    give us assault courses anyday. we'll have many surprises (or not). i personally think that RH should strictly rely on a two part (text, theory based test ; assault course) recruitement to evaluate the candidates. that should strike off the list the-people-we-shouldn't-have-recruited.


    ah, and @rory alsop thanks for pointing CREST :)

  26. Anonymous Coward

    not true

    i did the CEH, and on the course there were 2 people from GCHQ, 2 from BAE systems, and an ex-army security consultant. all of them other than me were heavily un*x /linux-centric, and all of us found the course challenging. the coursework was about 50/50 windows-to-linux, and covered a plethora of techniques, while concentrating mainly on sound knowledge of the simplest of tools like nmap. IMO the CEH gives ordinary network admins a good vocabulary with which to go on and become great network admins. have any of the previous commenters actually been on the course?

  27. Steve

    Let's have some realism here

    The kid is 16 years old. Bitching that he doesn't have experience and that this qualification is worthless, is like me saying GSCE science is worthless because I've got two degrees in physics and I've worked in commercial labs.

    Stop thinking of this as "kid with certificate thinks he knows more than me". He's a kid doing his GCSEs who know has a good theoretical grounding in the area he wants to work in and also has as much experience as most of the "certs don't beat experience" crowd ever had at his age.

    And the experience he gains after this will likely teach him more than they learnt as he understands the theoretical framework underpinning what he is doing.

  28. Anonymous Coward
    Thumb Up

    Give the lad a break

    He's 16.

    Of course he has no experience, but he's made a good start by doing this course and getting some theory under his belt.

    He knows what he want to do, and he's just taken the first step.

    Now he needs to get a job that will give him the practical experience.

    Moaning about a 16 year old not having experience in the IT industry is just pathetic.

  29. Anonymous Coward
    Thumb Up

    Man you guys need to get out more

    Cut the guy some slack and stop trying to make yourselves feel bigger.. This is very impressive and to complete somthing that has taken 10 months ontop of school work shows that he has commitment again somthing else which an employer would look for.

    You have all complained that he has no experience. Hes 16, how much experience can you achieve at this age. Personally I think everyones jealous and should quit crying that the register hasnt written a story about them!

    I wish him all the best

  30. Steve B

    Don't knock the certifications.

    I have been in the business over 30 years, much of it at the forefront of the technology. There were no courses about as we knew as much as the developers. I refused to take MS certification when it came along as many of the answers were blatantly wrong, meaning one had to choose the option that put MS in the best light, which I decided was ridiculous. For over 10 years I have single handed supported 70 plus user international connected systems using MS software as well as Open Source where applicable. For 8 years of 24*7 the company total system downtime was zero. Specific applications downtime was less than 5 working days in total and most of that was down to a fire in the estate power supply plant building.

    Now I need a job but can't get one as I don't have Microsoft Certification, Cisco certification etc etc. Still after 6 months I may be retrained so I can get a job in a resource desperate field like... IT!?

    Well done kid, Go for all the certs you can get while you have the time. Later on when you are working, with a good colleague you will recognise bits and pieces and it will start to fall into place.

  31. multipharious
    Thumb Up

    Certifications prove one thing for sure

    They prove that you have the determination set an additional non-requisite goal, go about preparing for that goal, and to finish what you start. Many of the folks out there bemoaning how worthless they are likely have never completed an arbitrary and tricksy MCSE course load of 6 or 7 exams. They are not devilishly hard, but they do require that you study, and if you do not take them seriously you will fail. You want to get a lackluster score or fail, go to a braindump. The wrong answers there will confuse you if you are just aping without technical foundation. Go poke around, it will shock you what kind of garbage (used to be at least) posted.

    I retain an MCSE from days when they were not so common, but I now have years and years of experience behind me to boot. I still have a bit of fraternity with other cert people, and my MCSE buddies are achievers.

    I also have helped to write certification exams...which is an interesting process.

    So those of you can poo poo this if you want to. Bravo young man. You set a goal for yourself, and you did it!

  32. Anonymous Coward


    I feel pretty upset by the comments posted by those that scream certifications != anything. I'm 17 and have been grabbing certifications through highschool programs since 15. I'm on my way to being MCSA (2/4), I'm already A+, and next year I'll hopefully have CISCO. With these pieces of paper I've tried to get low level tech jobs or repair jobs, with no success. I know that there is only a few people, if any, that know their stuff at geek squad, and the rest of them don't have a clue what they're talking about. Granted a 17 year old with no previous work experience would seem like an ify idea, and I understand that completely. You guys on the other hand shout and scream that certifications have no point and this kid is the dumbest thing since Windows ME. You can't get IT jobs all that easily when you're at or under working age, and even though you worked on friends' and family's computer problems you can't write it on a resume because it wasn't official work. If anything large and heavy falls off a large building onto your head, it wasn't me.

  33. This post has been deleted by its author

  34. Peter Gathercole Silver badge

    Education for education's sake

    We are in danger of using a very broad brush to tar the whole of the Computing education system.

    Commenters have mentioned everything from boot-camps to degree level qualifications, and most of them have been negative comments.

    There is a VAST difference between a tick-all-the-right-boxes test after a five day course, and a four year sandwich degree with yearly exams. And there is variation in these as well.

    I was a product of the University system 25+ years ago, and still value much of what I learnt. I have since taught, both in Further education, and on get-them-through-the-test courses. Both can be valuable, but for different reasons. In many cases, it is HOW they are taught rather than what is taught that is important, and encouraging an enquiring mind is the desired result, and the certificate is a by-product.

    I applaud this 16 year old, as he clearly has the right-stuff to go much further, and be a really useful person. He even acknowleges that he has much to learn, something that many people I know in the industry have not learned after 20 years.

    I do believe, however, that the learn-by-wrote certification method leaves much to be desired, and value experience over certificates nearly every time. But those of us who say that experience is always better may not actually have learned enough to know their own limitations.

    Viva good education, however it is delivered!

  35. u235
    Thumb Down

    Teenage wasteland

    Until more teenagers take the test it is difficult to have any perspective on the level of accomplishment or indeed the true measure of the qualification. If a gorilla passes the test does that mean the gorilla is a genius or the test is poor?

  36. Anonymous Coward
    Anonymous Coward

    @Not True & others...

    Yep, i've done the CEH....and the guys that i know have done it have come from the DHS (Department Homeland Security to us non Americans), the US Military and their friends in Washington, as well as the usual security consultants and banks and finance sector IT staff.

    Is it a replacement for experience? Hell no. But then no qualification should be. The problem we have is that a paper qualification IS taken as the pre requisite before even being allowed to apply or be considered for a job. That then causes the problem that many highly experienced IT professionals are sitting around not getting considered for jobs that they could easily do simply for lacking that piece of paper.

    Not a great situation.

    So, i'd simply say well done to the kid. You have started out on the right track, keep going - learn as much as you can and try and get an accomodating employer who will help you gain further qualification whilst getting real world experience. But be warned there aren't too many out there !!

  37. John A Blackley

    Ah, Mondays

    I see the usual "there must be something in this article I can moan about" crowd are in today.

    So certifications are worthless, huh? Experience is all? Now, hands up how many of those who hold those opinions are the same crowd who whine and moan here about their lousy jobs and the stupid people they have to work with?

    Certification is nothing more than evidence that a person has completed a body of work. Every employer I've worked for was well-aware of that and also aware that certification, by itself, is no substitute for certification plus experience. So what's the problem with a sixteen-year-old getting himself a certification? Should he have ten years of verifiable experience under his belt by now? I think there are child labour laws that might have got in his way.

    By the way, reading the above posts, a certification in spelling might have some value to El Reg's regulars.

  38. evilbobthebob


    As a student, who's failed miserably to get part time jobs, I'd like to know exactly how all these people intend young people get experience...unless we're given the chance, which happens to be given by good qualifications...

    Good on the guy for getting the cert...10 months to pass is good going imo.

  39. Kenny Swan
    Paris Hilton


    I guess you don't study English at University either? It seems the entrance requirements have gone right downhill...

  40. John Foo
    Paris Hilton

    one and for all

    recruitement should be based on pure skills (skills has in "man, this guy has *skills*) not on experience, age, gender, or anything else. i have seen 14 yo far better coders than many "i have 20 years of FORTRAN under the belt, so *of course* i am a good C coder. now get back to school *snortling*" so called professional coder.

    every day we are confronted with code monkeys/ pseudo sysops which, as they have survived for a decade in the field (mainly by ducking a lot, and a*slicking even more) are screwing with our jobs. one of the exemples today. an application stops working mysteriously. of course, the client calls us (systems & network) bitching around how ne'er do well we are. and after a few hours digging into the binary (we don't have of course access to the source... we don't have their mad coding skills don't we ?) we finally discover a *huge* leak AND THREE OVERFLOWS. in a bubble sort. of course.

    what do we do ? we call the dev team (of course, we have no bug management system...) which start to get mad, because that *can't* be them, no it's not worth to look, it just can't be them. they know how to code. we don't know our job. of course it's us. and valgrind ? what's that ? code coverage ? what ? what do you mean by Q&A. WE KNOW HOW TO CODE, UNDERLING !

    yeah. IT support most stressful job ? no wonder... would *so much easier* if RH started by filtering the bozo's at all level. we have one in our team too of course. perfect for logging support call, an general monkey work. he will never have any root password. neither should the code monkeys have commit access. hey they can still do the documentation.

    well enough renting for today, i have still to hack *his* software to make it looks like its working. or not.

    PH, because she is pure emptyness

  41. Soroush
    IT Angle


    Im born on the <April 3rd 1983> n I became a MCP on the <Dec 16th 1999> & a MCSE on the year 2000. do you think i was a "YounGest" too :D ??? just for me to know n be proud LoL

  42. JohnG

    Certification needed in Germany..

    .. for anyone who uses hacking tools like Wireshark, nmap, etc. A law enacted last summer means that possession of such tools in Germany is allowed only for certified security professionals.

  43. tim chubb


    doesnt make you any good though, maybe im just cynical but reminds me of kids u get on blue peter talking shit about the website they "wrote" with dream weaver......

    as for MS and cisco cirtificates, well get a good book on TCP IP as thats all the cisco course is good for, rest is all propietry bollox, and as for the m$ 'courses' well puts u in the same league as most call center workers, msdn and a brain is all u will ever need

  44. Anonymous Coward


    As a postgraduate at the University of Birmingham I would be interested to speak to Shane. However, as far as I can tell Shane is not employed by the University. This seems like bad journalism to me.

    Maybe he works for

    * Birmingham City University (formerly University of Central England); or maybe

    * Aston University.

    Would TheRegister like to offer a response?

    Shane, if you are reading this then get in touch, google "Ben Smyth"

  45. Dan Goodin (Written by Reg staff)

    Story corrected

    Hey Anonymous Coward,

    Due to incorrect information supplied to The Register, we got the name of the university wrong in an earlier version of the story. The article has been updated. Thanks for pointing out the mistake.

  46. Anonymous Coward

    Certifications and experience

    Neither one means anything if the person possessing it is dead from the neck up. I've run into totally incompetent holders of first class honours degrees in CS, completely ineffective holders of PhDs, guys with 20 years or more experience of C programming who couldn't write hello world without having to edit it 3 times to fix syntax errors before it would compile (and then it did the wrong thing when they ran it). But they are extremely useful filters - why bother to interview someone who has neither certification nor experience (unless you have word of mouth reccommendation of them from someone you trust)? In fact, unless you are recruiting for a very junior position, why interview someone who doesn't have both certification and experience?

    Of course the average recruitment consultant and the average HR type can't even read a job spec and a CV and see if there's any sort of match, and will even ask for quite insane experience (like the people asking for 10 years Algol 68 programming experience in 1971, which presumably required the candidate to have access to a working time machine) so they will fail to make correct use of certification and experience requirements as a candidate filter, and then it isn't at all obvious to either the candidate or to the hiring manager or team leader, once the recruitment "professionals" have got involved, that either certification or experience means anything at all. It's different with a real professional recruitment type, but those are few and far between and hard to find.

    Unlike these typical HR types, I know what I'm looking for and I have a pretty good idea how to recognise it. And I can tell you now that a guy who picks up the ethical hacker certification at 16 will probably, by the time he's 21, have what I'm looking for. His ethical hacker certificate, in itself, is indeed irrelevant in terms of its practical content - the stuff it covers is not the stuff that my team needs, and most of the practical side of it will be out of date anyway in 5 years time (the theoretical side will continue to be relevant pretty well for ever, but most comments above seem to regard theory as pointelss; a remarkable piece of stupidity, as theory is often widely applicable and learning a new programming language or operating system is child's play compared to acquiring a good grounding in the theoretical underpinnings of computing and IT). The attitude he has demonstrated by getting it at the age of 16 *is* part (a very large part) of what I need. I imagine that other serious professionals (including a minority of those who commented above) will feel the same way.

    Of course what nearly everyone fails to see is that experience and certification doesn't have to be directly and tightly relevant. Far too many people will say something like "ethical hacking isn't relevant to programming a web service, so that qualification is no qualification for the job I want filled". Well, those guys can safely leave the CV filtering to the HR types, who won't screw up filtering on the CV content any more than they would themsleves.

This topic is closed for new posts.