Webs of Trust versus Certifications

Date Published: 29 September 2012

Webs of Trust versus Certifications

In the software development industry, as in many others, it’s important or at least helpful to be able to identify individuals and companies who are competent at their craft. Finding those who are excellent is nice, too, but honestly I’m amazed at how many “professionals” out there don’t even measure up to the much lower bar of merely competent (to be fair, I find this to be true of accountants, lawyers, and general contractors as well, so it’s certainly not limited to our profession). So, how does one go about evaluating the competence of another individual or company in a given field (e.g. software development)?


For quite some time, certifications have been popular in technical fields as a means of differentiating oneself from the crowd, and perhaps as a means for would-be employers and customers to identify those who possess some knowledge of the services they require. Some years ago when I worked as a consultant for Software Architects, they encouraged us to obtain Microsoft certifications, so I went about getting certified as an MCP, MCSD, and MCSE+Internet. In order to pass the dozen or so tests this required, I mostly took advantage of practice exams. My ability to practice the skills required for these exams, especially the MCSE, was quite limited at the time; as a result my MCSE certification represented my studying and test-taking prowess far more than any practical experience I had managing Windows networks and servers. This is where terms like “paper MCSE” come from, and I don’t question that that’s what I was (and am if it hasn’t expired – I’m not sure what the statute of limitations is on paper MCSEs).

The problem with certifications in general is that, in order for them to scale, they need to be standardized. And as soon as they are standardized, they become vulnerable to “exam cram” techniques that can easily (for many students) allow those with no practical experience in the area in question to pass the certification test. There have been some improvements in this area for Microsoft certification exams, and other certifications do require more practical exercises, but this remains an issue still today. It’s one of the reasons why I think certifications are far less valuable and sought after today than they were ten or fifteen years ago. Today, with the advent of social networks, it’s more common than ever for contracts and jobs to be filled through personal networking.

Certifications are also offered, typically, by the company that makes the product they’re certifying individuals to be competent with. Sometimes this can introduce a conflict of interest, and in many cases the certifications themselves become such a profit center that the motivation for the company is to get as many people certified (or at least taking the exams) as possible, rather than ensuring only the most qualified individuals are certified. Frequently, this leads to a lack of trust in the certification process and the certifications themselves.

Webs of Trust

A web of trust is an alternative to a certification as a means of qualifying someone’s abilities. Webs of trust are commonly used in security applications, such as for the certificates used to secure Internet communications. They’re also commonplace in everyday life – you’re far more likely to trust someone your friend or family member recommends to you than to a stranger you meet on the street, or who sends you some unsolicited correspondence.

Social networks like LinkedIn have built their business on mapping and organizing these webs of trust. LinkedIn has provided a way for you to locate friends-of-friends who match certain search criteria, for instance, so you can find everybody in your extended network whose job title includes “marketing” or who works at “Apple” if you want. It’s also long had the ability for individuals to recommend one another, but this has never had any additional structure to it until recently. Recommendations could be about anything. “Jen was a great boss,” or “Joe is very organized” would both make perfectly reasonable recommendations, but neither of these offer the kind of endorsement of technical skill that certifications typically attempt to provide.

In the field of software development, it’s also frequently the case that there are different schools of thought about how one should develop software. Being certified in one’s ability to use Visual Studio, or wire up forms and buttons to do the right thing in C# or Visual Basic, is testing only the lowest denominator of developing working software. I want to know if the individual knows how to write loosely-coupled software that is testable and maintainable. Someone else may want to know that the individual knows how to hyper-optimize the database and ensure the UI and business layers are just a veneer over finely tuned stored procedures. Clearly there are different schools of thought and cultures of software development, and no certification captures that effectively.

Skills and Endorsement

As I was thinking through these issues recently, I noticed that LinkedIn added something new. A while ago, they added a feature to their profile system that allowed users to add certain skills to their profile. This was a nice feature, but it only went so far, since anybody could claim to be skilled at anything. However, last week they took the next logical step and added endorsements, whereby individuals can endorse the skills of their contacts. This, I think, is a huge step in the right direction. If it takes off, and if it isn’t somehow completely abused and misused (both real possibilities, I know), it could provide a great deal of value. When evaluating someone, you will be able to see not only the skills they claim to have, but also who is willing to vouch for that individual’s skill. If someone I trust to write good code, or to know a lot about, say, ASP.NET, vouches for someone else’s skill in software development, or TDD, or ASP.NET, that will mean a great deal to me. Far more than if they’d left a recommendation saying “John was great to work with.”

If you use LinkedIn and haven’t added any skills to your profile, give it a shot and see what you think of the feature. You can see the skills and current endorsements on my profile in the image shown here (Steve’s profile). Endorse a few of your contacts, but remember that others will see whom you endorse, so to some extent your own reputation is on the line when you stand behind someone else’s abilities. This last bit is important, I think, to ensuring endorsements are not completely abused and “link farms” created to take advantage of them.

Steve Smith

About Ardalis

Software Architect

Steve is an experienced software architect and trainer, focusing on code quality and Domain-Driven Design with .NET.