One way developers can set themselves up for better opportunities is to pursue certifications for skills that are relevant to their career. A certification offers an opportunity for developers to show others that they have a particular skill; It’s one thing to list Kubernetes as a core competency on their resume, and another to say they’ve passed the certification exam for one of the CNCF’s Kubernetes certifications.  

“People are really happy by taking a certification, because it is the validation of some knowledge,” said  Christophe Sauthier, head of CNCF certifications and trainings, in a recent episode of our What the Dev? podcast. “It is something that we feel is really important because anybody can say that they know something, but proving that usually makes a real difference.”

A 2023 CompTIA report found that 80% of US HR professionals surveyed relied on technical certifications during the hiring process. Sauthier said the CNCF has conducted a survey looking into the impact of certifications as well, and has also seen that people who obtain them generally benefit. 

“More than half the people who answered the survey said that taking some training or certification helped them get a new job,” said Sauthier. “It is a way for people to be more recognized for what they know, and also to usually get better pay. And when I say a lot of people get better pay, it was about one third of the people who answered our survey who said that they had a higher pay because of taking training or certifications.”

Another survey from CompTIA in 2022 showed that IT professionals that obtained a new certification saw an average $13,000 increase in salary. 

How to select a certification

In order to see these benefits, it’s important for anyone pursuing a certification to think about which one will best suit their needs, because they come in all shapes and sizes.

Sauthier says he recommends starting with an entry-level certification first, as this can enable someone to get used to what it means to take a certification. 

Then, it might make sense to move onto more advanced certifications. For instance, the CNCF’s Certified Kubernetes Security Specialist (CKS) certification is “quite tough”, he said. However, its difficulty is what appeals to people.  

“People are really attracted by it because it really proves something,” he said. “You need to actually solve real problems to be able to pass it. So we give you an environment and we tell you, ‘okay, there is this issue,’ or ‘please implement that,’ and we are then evaluating what you did.”

Sauthier did note that difficulty alone shouldn’t be a deciding factor. “When I’m looking at the various certifications, I am more interested in looking at something which is widely adopted and which is not opinionated,” he said. Having it not be opinionated, or not tied to a specific vendor, will ensure that the skills are more easily transferable. 

“Many vendors from our community are building their bricks on top of the great project we have within the CNCF, but the certifications we are designing are targeting those bricks so you will be able to reuse that knowledge on the various products that have been created by the vendors,” he said.

He went on to explain how this informs the CNCF’s process of certification development. He said that each question is approved by at least two people, which ensures that there is wide agreement. 

“That is something that is really important so that you are sure when you’re taking a certification from us that the knowledge that you will validate is something that you will be able to use with many vendors and many products over our whole community,” he said. “That’s really something important for us. We don’t want you to be vendor locked with the knowledge you have when you take one of a certification. So that’s really the most important thing for me, and not the difficulty of the certification itself.”

The CNCF recently took its certification program a step further by introducing Kubestronaut, an achievement people can get for completing all five of its Kubernetes certifications. Currently, there are 788 Kubestronauts, who get added benefits like a private Slack channel, coupons for other CNCF certifications, and a discount on CNCF events, like KubeCon. 

The post Using certifications to level up your development career appeared first on SD Times.

In the time since Let’s Encrypt began its beta in November of last year, the site has handed out more than 1.6 million certificates, encrypting more than 3.8 million websites.

(Related: EFF files amicus brief in favor of Apple vs. the FBI)

Stephen Ludin, chief architect at Akamai, said, “From the very beginning, Akamai has been committed to supporting Let’s Encrypt’s vision of enabling greater use of SSL/TLS across the Internet. This milestone is confirmation of Let’s Encrypt’s ability to execute on that vision and have a tremendous impact to the Internet ecosystem.”

The Let’s Encrypt site is now responsible for bringing the entire WordPress blogosphere into SSL as well. That site used Let’s Encrypt to handle more than a million hosted blogs.

In addition to officially leaving beta, Let’s Encrypt added some new sponsors to its group. Duda, Fastly, Gemalto, HPE and ReliableSite have all joined as sponsors, which also include Akamai, Cisco, Google and Mozilla.

“We’re very proud to be a Gold Sponsor for Let’s Encrypt, which leverages our industry-leading hardware security modules to protect their certificate authority system,” said Todd Moore, vice president of encryption product management at Gemalto. “Encryption by default is critical to privacy and security, and by working with Let’s Encrypt Gemalto is helping to deliver trust for the digital services that billions of people use every day.”

The post EFF hands out free certs for all appeared first on SD Times.

First, let’s catch everyone up. The EFF, Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan got together last year and began building a free way to get a security certificate. If you’ve ever had to deal with a certificate authority, this should come as a great relief.

First of all, Let’s Encrypt is free, so there are no purchase orders to write. Second of all, Let’s Encrypt actually handles the whole process around the certificate, which means they can get you updated certs as soon as they expire.

If you’ve been reading the technology news at all for the past 10 years, you likely know that even Google and Microsoft have let their certs lapse from time to time. This results in users bouncing off your site with warnings that the site may not be valid or may be compromised in some way.

(To be honest, I’ve only ever had that warning pop up for sites with expired certificates; never have I come to a falsified site in the wild, though I am aware they do exist.)

Fortunately, though, Let’s Encrypt really does solve the biggest problems with security certs: renewals and expiration. When you’re in a humongous company that can’t actually pay for things with credit cards, or change anything in an outward-facing server, jumping through the hoops needed to get a valid cert can be incredibly painful.

Let’s hope Let’s Encrypt ends this silliness. Because if Let’s Encrypt can help to end the difficulties surrounding security certificates, maybe it can eventually help us put down the most ridiculous thing that is currently happening in security: the call by the FBI and other American law enforcement organizations for an end to encryption.

The sheer stupidity of this demand clearly shows how un-technically savvy these agencies are. It worries me greatly that the organization tasked with tracking down computer criminals believes that eliminating encryption, or putting backdoors into encryption software, is even a viable option, let alone the answer to their problems.

Clearly, the United States is scared and confused by all of the Daesh-based activity and attacks around the world, and some kneejerk reactions are to be expected. Many people, myself included, are calling for a just-as-ridiculous ban of all firearms of all kinds.

Isn’t that insane? Aren’t I crazy for thinking that we should ban all guns? Then, only criminals would have guns, and security guards and police officers would have to physically restrain people who may have guns themselves!

I wager that my personal belief that all guns should be banned, however, is just as silly and impossible as banning encryption or putting backdoors into things like AES. If encryption is illegal, only criminals will encrypt!

We’ve been through this before, anyway. For years, computing hardware power was capped for exports due to silly encryption restrictions put in place by Congress for the NSA. The idea was that if a computer was powerful enough to run high-level encryption (for instance, 256-bit keys back then), you could not sell that piece of hardware overseas.

These crazy restrictions were rarely enforced, and if they were, it was to keep computers from going to places like Iran and the Soviet Union’s allies. Still, despite the silly nature of the law, the almost impossibility of enforcing it, and the utterly terrible way in which it was written, some American companies were forced to keep their equipment from being sold overseas entirely.

But surely we should return to those byzantine days, right? Surely the only thing keeping the NSA from reading all Internet traffic all the time is the encryption schemes people use. It couldn’t possibly be the fact that trying to read all the traffic on the Internet and analyze it in real time to assess threats is a boil-the-ocean idea that could never, and will never be possible, even with no encryption?

Long story short: Encrypt those sites, people. The government doesn’t want you to do it, so all the more reason to go hog wild with cryptography. Just be like any gun nut and tell them, “From my cold, dead hands.”

The post SD Times Blog: Encryption is more than a right appeared first on SD Times.