In the past few years, many people - myself included - have expressed a desire to see the quality of the Microsoft certification program improved. Even though there have been some positive changes in the MCP program during the past few years, it still lacks the repute (and frankly, market value) many of us hope for. On that topic, I was interested to read in Greg Low's blog earlier this week that there is a new Microsoft Certified Master certification program for SQL Server 2008.
According to Greg's post and the information on the official website, this track is a rigorous 3-week program (that's three straight calendar weeks, not three work weeks) that blends instruction, labs, and exams to provide a comprehensive evaluation of candidates for the Microsoft Certified Master: SQL Server 2008 certification.
This program is not for the faint of heart or wallet – long days and the extended schedule make a brutal learning schedule, and the $18,500 price tag (plus travel, lodging, etc) set this certification apart for only a select few. There is a formal application process, and candidates must meet a number of criteria to qualify; a minimum of 5 years experience along with the MCITP admin and developer certifications are the most notable prerequisites. The application fee alone is $125 and is, of course, nonrefundable.
We asked for a better, more thorough certification process. Is the Microsoft Certified Master certification the answer? No, at least not by itself.
Let me first say that this new certification is a great idea. Those who need or desire to set themselves apart as the top 1% of the top 1% will be well served. I can think of a few people I know whose knowledge, experience, and occupation would be well suited to justify this kind of investment, but I can count those people on one hand. Most people can convince their employers, or can justify spending from their own pockets, a few hundred, perhaps even a thousand dollars every few years to maintain current certifications. However, many employers have to be given the hard sell to send their staff to one week of training at $2-4k per week, never mind the $18k plus expenses (along with three weeks away from work) for this new offering from Redmond. There are probably a few independent contractors who could cost justify this, but for the other 99.9% of us, it would be impossible to amortize such an investment of time and money, especially considering that we’ll see a new product every three years.
There is still a large underserved population within the SQL Server community who want for more than the off-the-shelf MCTS/MCITP certification offers, but are unable to rationalize spending the kind of time and money required for the new Master certification. I would like to see something in between these two extremes: a certification process requiring an application process and certain experience benchmarks, along with more practical examinations and at least one personal interview. In my mind, this is a process that could be completed in three or four days, administered regionally rather than solely in Redmond, and farmed out if necessary – at least partially – to existing test providers.
I know this would take some time to implement, and even cutting-edge companies such as Microsoft take some time to change direction like this. The answer may come from a party other than Microsoft – perhaps even PASS as Andy Warren suggested recently.
Comments for or against are welcome…. Let me know what you think.
Working with healthcare organizations, I am constantly aware of the restrictions my staff and I must abide by according to HIPAA constraints. It’s not really rocket science; as far as data security goes, HIPAA mandates what logically should already be in place. Any organization that takes data security seriously will already have safeguard on the storage and transmission of data, fully tested backup and recovery procedures, comprehensive access control, and auditing tools. I’m quite sure that most people feel safer at night knowing their sensitive medical records are safer because of HIPAA. But it is really safer?
Like most government regulations, HIPAA dictates what should or must be done without indicating how it must be done. There are certain key items, including uniquely identifiable user IDs and auditing, that are specifically identified as “Required” by HIPAA, but the standards for these mechanisms is not further defined. For many other elements, entities governed by HIPAA are required to take measures that are “reasonable and appropriate”, leaving much room for interpretation. And it’s that gray area that makes me question the effectiveness of regulation as a whole.
For me, reasonable and appropriate security measures include a need-to-know policy for data access, encryption at every leg of in-transit data, a fully anonymized data set (no live data) for testing and training, and desktop access procedures to prevent inadvertent unauthorized access. However, because regulations are largely subject to interpretation, one cannot be absolutely sure that these measures are being taken to safeguard sensitive data. I have worked with a number of vendors who properly insist upon abiding by the best-practice implementation, but there are still many shops – and even some large organizations – that only do the bare minimum to avoid fines from the feds. I know of one large software vendor which has a standard practice of rolling out their entire live environment, complete with sensitive personal information, to the training and testing environments where auditing is minimal if not completely absent. I dealt with a small shop recently that was receiving most of their data on a standard unencrypted FTP server. Interestingly enough, when I challenged their technical person that the FTP server was not secure, she told me “No, it’s pretty secure here.” Pretty secure? What, secure as in it’s locked up in your server room? And though it’s difficult to prove or audit, I suspect that the exchange of sensitive information is done via e-mail much more often than people acknowledge.
Fortunately, in all of the cases I’ve found in which I found a potential vulnerability, I was able to strongarm the parties involved by waving the HIPAA security rule flag – even though there may not have technically been a violation of regulations, the suggestion that a high-profile breach was possible was enough of an argument to force a procedure change. Still, when I think about all of the places over the years where I may have left sensitive data, I can’t help but wonder how seriously those places are in terms of security? Are they as stringent about security as I am, or do they have the kind of lackadaisical attitude about data protection that keeps people like me up at night?
I’m curious – since most of my regulatory experience revolves around HIPAA, I’d like to hear from those who regularly deal with SOX or similar legislation.
Turning up the heat. Take it up a notch. Stepping up to the plate. Less talk, more action.
However you choose to describe it, I’m upping the ante on my participation in the SQL Server community. As I wrote in my previous post, I had allowed myself to get so busy with other things that I neglected my professional writing for months. Well, to the enjoyment of both of my blog subscribers (thanks Mom and Dad), I’m now on a schedule that a drill sergeant would appreciate.
Thanks to inspiration by the blogging of others (Steve Jones and Andy Warren and their regular daily blogs) as well as some online articles including Scott Hanselman’s How To Be a Better Developer in Six Months (even though it’s been some 16 months since he wrote that…. I really have been slacking), I am taking it on myself to schedule regular contributions this site and the community as a whole. I’m publishing said schedule for two reasons: 1) to remind myself of what I have committed to, and 2) I fully expect that my fellow community members will taunt me relentlessly if I start slacking.
So here goes:
To be fair, the last one is more of a long-term goal, but putting it out there will be a friendly reminder to me, and will serve as my announcement of my interest in same, in case anyone is in need of those services :)
I’ve set some other goals for myself that will not be as visible to the community but, in taking Hanselman’s advice, I’ll share them with you here as well:
So there it is. It seems like a very short list considering the amount of time I’ve been working it out in my head, but it’s out there, it’s public, and I’m committed. If I am spotted slacking in any of these goals, you all have my permission to call and harass me, or just leave snide comments on my blog. For my part, I promise to report back on my progress of these less-visible goals.
After 2 years working on a data conversion and software implementation project, I’ve finally started to get caught up on a few things. The past 5-6 months have been particularly intense, and during our go-live weekend I spent something like 50 hours straight at my office. Now that it’s behind me, I’m glad it’s done and the project was a success, but as I took stock at what I’d missed out on, I realized how much I had let other things slide. I was 6 weeks behind in reading the daily e-mails from SQL Server Central, and I had somewhere north of 600 unread blog items in my Google Reader. Even more importantly, I practically dismissed blogging and forum participation, two activities that I enjoy and have helped me establish a decent reputation in the SQL Server community. I allowed myself to get too busy doing my job to make sure I stayed good at my job.
So how do I keep this from happening again? First, the past week of doing little more than playing catch-up has educated me in the importance of keeping up with the little things, like reading blog posts and composing same; suffice it to say that this was a lesson learned. Next and most importantly, I have developed a plan (more on that in a later post) that will not only ensure that I return to a level of participation that I am comfortable with, but will help me to push myself to be even more involved in the SQL community.
On a mostly unrelated note, this will be my first blog post using Windows Live Writer. I had been using the web interface at SSC which worked well but lacked a few features (offline composition, real-time spell check). We’ll see how this goes…
I broke down and bought my first Vista machine last Sunday, an HP Pavilion from a local box store. From the outset I was underwhelmed by the performance of this system (a 64 bit system with 4gb of RAM), which should have been screaming but wasn't quite. My 3 year old Gateway was running circles around this thing.
So after a few hours of removing what can only be described as factory-installed Crapware, this state of the art machine was still dragging. I pinged my local SQL Server user group to solicit some recommendations which proved to be quite helpful. I shut down the search indexing feature, ran a full defrag and bought an SD card to enable ReadyBoost, and these changes finally brought my system to an acceptable level of performance. A few further tweaks and I am finally satisfied that I'm getting my money's worth.
On a positive note, I did not have any issues installing SQL Server 2005 or 2008 on this machine. I had read of some early problems with SQL 2005 and Vista compatibility, but I did not find any problems. VirtualPC 2007 runs well after installing machine additions on my new VM - I had been using VMWare for virtualization and was unaccustomed to this step.
So for now, Vista and I are getting along well. We'll see how it goes.
