Networking

How IT Pros Cheat on Certification Exams

"A lot of the people who are buying these exams are parents buying them for their kids," Kupferschmid said, pointing out that many Internet users don't consider buying braindump materials unethical. "These exams are so easy to get over the Internet. It's a big problem...People wouldn't steal a book out of a bookstore, but they would download it."

Braindump sites are numerous and proliferating. CompTIA lists 130 Web sites that are unauthorized training sites for its exams. It warns test takers that they may be precluded from taking an exam or may have their certifications revoked if they are found to use materials from these sites.

Another reason for the rise in cheating on IT certification exams is the U.S. Defense Department's 8570 Directive, which requires military employees and contractors to pass security exams in order to continue working in information assurance roles. The Defense Department is one of the few employers in the United States that is demanding IT certifications as a condition of employment.

[BACKGROUND: Hottest IT Security Certifications]

"That's a high-stakes situation because if you don't get your certification you get fired or retired in DoD parlance," Northcutt says, pointing out that the 8570 Directive requires people to pass tests such as the Global Information Assurance Certificate (GIAC) exams offered by SANS. "We've had cases where the proctors let the people cheat by letting them use Internet resources. We're an open book exam, but not open Internet."

Catching cheaters

What happens to IT pros caught cheating? It depends on the egregiousness of the incident. A cheater's exam score will be invalidated and he may be suspended from taking exams from those training organizations for a year. Individuals caught selling braindump materials over the Internet are subject to lawsuits and hefty fines.

"We actually catch more adults than kids cheating," Burroughs says. "A lot of our information about cheating comes from the other students in the class. If you studied, and you know somebody else bought the test off the Internet, you'll tell us. We get a lot of anonymous calls."

SIIA sees rampant cheating in all sorts of exams, not just IT certifications. In 2010, SIIA won five-figure settlements in lawsuits against three individuals who were selling counterfeit or unauthorized Kaplan study materials for the U.S. Medical Licensing Exam. A fourth individual from a prior investigation ended up paying $400,000 in damages and getting kicked out of medical school after he was found guilty of illegally mass producing Kaplan materials and selling them on eBay.

CompTIA says it is being more aggressive about catching cheaters through the use of biometric systems such as retinal and palm scans to identify test takers, as well as using remote cameras and microphones for proctoring and high-tech scanners for test materials. The organization also plans to create computer-generated exams on the fly.

"We will do a higher degree of identity management of people in a much broader sense. And we're not going to be using the arcane model of 60 people in a classroom," Terry Erdle, executive vice president for skills certifications at CompTIA, says. "We will be using technology to deliver better exams and make it so you can't cheat on them. We'll start introducing these [measures] in 2011...One of the messages we want to send is how fruitless cheating on exams is."

The GIAC Certification Program battles cheaters by using a proprietary system to manage its exams, which have randomized questions and answers.

"We have a proprietary algorithm so that each person has slightly different questions that follow the same test blueprint," explains Jeff Frisk, director of the GIAC Certification Program. "This gives us a larger number of unique instances of exams...You will not be getting the same list of questions in the same order as anyone else."

Also, once test-takers miss enough points that they can no longer pass the test, the GIAC computer system stops administering the test.

This approach allows GIAC to have a "very, very low" number of people caught cheating on exams, Frisk says.

While Frisk hasn't seen an upward tick in cheating incidents during the economic downturn, he thinks test-takers are more desperate because more of them are taking GIAC exams and failing them, over and over again. GIAC recently implemented a 15-day waiting period between exams as a result of this trend.

One suggestion for reducing the number of IT cheats is for the industry to become more professional overall. Northcutt points out that unlike doctors, lawyers or accountants, IT workers are not licensed and do not have a standard of practice or a code of ethics. Other professions have trade associations and state licensing boards to provide a level of deterrence for ethical lapses such as cheating on certification exams.

"If you go to the Defcon-type events, the attitude is it's OK to do things because you can. There's a view that just because you have a certain amount of knowhow, that lets you get away with some unethical behavior," Northcutt says. "At some point, we're going to have to hold ourselves accountable to the business as professionals."

Read more about infrastructure management in Network World's Infrastructure Management section.

Subscribe to the Business Brief Newsletter

Comments