How IT pros cheat on certification exams
- — 18 February, 2011 01:37
Incidents of cheating on IT certifications are on the rise, a trend that experts say is an outward sign of the desperation felt by out-of-work and under-employed IT professionals.
Training organizations are responding by intensifying their efforts to catch cheaters through cutting-edge defenses, such as biometric identification of test-takers and custom, computer-generated exams.
As IT certifications become a pre-requisite for jobs and promotions, IT professionals are feeling more pressure to pass the exams. IT professionals cheat by paying someone as much as $2,500 to take an exam or by using stolen tests purchased over the Internet commonly referred to as "braindump" materials.
In a survey of 200 IT professionals on IT Ethics conducted by Network World, 58 per cent said they felt that using "braindump" training materials was unethical yet 72 per cent of respondents think that IT professionals use braindump materials on a regular-to-frequent basis. And 12 per cent have directly witnessed someone cheating on a certification exam.
"Cheating is up by about 10 per cent," says Jill Burroughs, director of exam services at CompTIA, which offers 11 certifications for IT professionals including CompTIA A+ and CompTIA Security +. "Since the economy collapsed, the incidents of cheating have been steadily going up...It's human nature that in a down economy, people get desperate...They rationalize that they have to cheat because they are out of work and need a job."
Stolen IT certification exams and materials are "one of our biggest issues," says Keith Kupferschmid, senior vice president of intellectual property at the Software and Information Industry Association (SIIA). SIAA focuses on ferreting out sellers of braindump materials, which are unauthorized exam study guides - sometimes stolen copies of actual tests - that are available for purchase over the Internet.
Kupferschmid says test-takers are looking for "any edge they can get, just like a spitball or taking steroids in baseball...People think that if they can get the prior test or get the test answers ahead of time, it will help them pass the test."
News that more IT pros are cheating on certification exams comes at a time when the nation's top computer science schools are grappling with an outbreak of cheating on homework assignments. More computer science students are caught plagiarizing code or working together on assignments than students in any other major on campuses such as Stanford University and the University of Washington.
BACKGROUND: Why computer science students cheat
Cheating among IT pros happens at the workplace, too, as U.S. companies step out of compliance with their software licenses. The full scope of the problem is becoming more apparent as more disgruntled IT professionals are turning into whistleblowers against their bosses.
A whopping 89 per cent of those surveyed by Network World said it was unethical for an IT employee to make the company fall out of compliance with software license agreements. Yet 70 per cent had witnessed other IT folks knowingly violate software licenses.
Why are there so many IT cheats?
"I think it's cultural," says Stephen Northcutt, president of The SANS Technology Institute and author of the book "IT Ethics Handbook: Right and Wrong for IT Professionals." "Router jocks tend to be young, male and ADD...You add to that the sense of anonymity, that when you're on a computer screen you don't think people can watch you. There's a sense that nobody knows what you do on the Internet.''
Another reason cheating on certification exams is up: IT pros don't always consider it to be wrong. In the Network World survey, 42 per cent of IT professionals said it was OK to use braindump materials even though use of them could result in the vendor revoking their certifications.
"A lot of the people who are buying these exams are parents buying them for their kids," Kupferschmid said, pointing out that many Internet users don't consider buying braindump materials unethical. "These exams are so easy to get over the Internet. It's a big problem...People wouldn't steal a book out of a bookstore, but they would download it."
Braindump sites are numerous and proliferating. CompTIA lists 130 Web sites that are unauthorized training sites for its exams. It warns test takers that they may be precluded from taking an exam or may have their certifications revoked if they are found to use materials from these sites.
Another reason for the rise in cheating on IT certification exams is the U.S. Defense Department's 8570 Directive, which requires military employees and contractors to pass security exams in order to continue working in information assurance roles. The Defense Department is one of the few employers in the United States that is demanding IT certifications as a condition of employment.
BACKGROUND: Hottest IT Security Certifications
"That's a high-stakes situation because if you don't get your certification you get fired or retired in DoD parlance," Northcutt says, pointing out that the 8570 Directive requires people to pass tests such as the Global Information Assurance Certificate (GIAC) exams offered by SANS. "We've had cases where the proctors let the people cheat by letting them use Internet resources. We're an open book exam, but not open Internet."
What happens to IT pros caught cheating? It depends on the egregiousness of the incident. A cheater's exam score will be invalidated and he may be suspended from taking exams from those training organizations for a year. Individuals caught selling braindump materials over the Internet are subject to lawsuits and hefty fines.
"We actually catch more adults than kids cheating," Burroughs says. "A lot of our information about cheating comes from the other students in the class. If you studied, and you know somebody else bought the test off the Internet, you'll tell us. We get a lot of anonymous calls."
SIIA sees rampant cheating in all sorts of exams, not just IT certifications. In 2010, SIIA won five-figure settlements in lawsuits against three individuals who were selling counterfeit or unauthorized Kaplan study materials for the U.S. Medical Licensing Exam. A fourth individual from a prior investigation ended up paying $400,000 in damages and getting kicked out of medical school after he was found guilty of illegally mass producing Kaplan materials and selling them on eBay.
CompTIA says it is being more aggressive about catching cheaters through the use of biometric systems such as retinal and palm scans to identify test takers, as well as using remote cameras and microphones for proctoring and high-tech scanners for test materials. The organization also plans to create computer-generated exams on the fly.
"We will do a higher degree of identity management of people in a much broader sense. And we're not going to be using the arcane model of 60 people in a classroom," Terry Erdle, executive vice president for skills certifications at CompTIA, says. "We will be using technology to deliver better exams and make it so you can't cheat on them. We'll start introducing these [measures] in 2011...One of the messages we want to send is how fruitless cheating on exams is."
The GIAC Certification Program battles cheaters by using a proprietary system to manage its exams, which have randomized questions and answers.
"We have a proprietary algorithm so that each person has slightly different questions that follow the same test blueprint," explains Jeff Frisk, director of the GIAC Certification Program. "This gives us a larger number of unique instances of exams...You will not be getting the same list of questions in the same order as anyone else."
Also, once test-takers miss enough points that they can no longer pass the test, the GIAC computer system stops administering the test.
This approach allows GIAC to have a "very, very low" number of people caught cheating on exams, Frisk says.
While Frisk hasn't seen an upward tick in cheating incidents during the economic downturn, he thinks test-takers are more desperate because more of them are taking GIAC exams and failing them, over and over again. GIAC recently implemented a 15-day waiting period between exams as a result of this trend.
One suggestion for reducing the number of IT cheats is for the industry to become more professional overall. Northcutt points out that unlike doctors, lawyers or accountants, IT workers are not licensed and do not have a standard of practice or a code of ethics. Other professions have trade associations and state licensing boards to provide a level of deterrence for ethical lapses such as cheating on certification exams.
"If you go to the Defcon-type events, the attitude is it's OK to do things because you can. There's a view that just because you have a certain amount of knowhow, that lets you get away with some unethical behavior," Northcutt says. "At some point, we're going to have to hold ourselves accountable to the business as professionals."
Read more about infrastructure management in Network World's Infrastructure Management section.