After writing this column for more than 2 years, I'm ready to move on to other challenges. During my tenure, we've seen the training business digress from the frantic feeding frenzy in which a certification and a pulse were enough to ensure a dozen job offers to the current slump in which we almost expect to see MCSEs on the corner with signs reading "will subnet for food." Signs of life are returning to the IT community, so I thought I'd leave you with some advice based on the lessons we've learned over the past 2 years.

Perhaps the most significant lesson has been that not just anyone can manage a network, program a router, secure a server, or write a program. A few weeks of training and passing a handful of exams doesn't exempt you from spending the time required to assimilate new, complex concepts. Two years ago, I read about one training center's claim that an MCSE certification is a better choice than a college degree. That center is out of business now, and most of the students it trained are probably out of work because the training they paid for concentrated on certification and not learning the skills necessary to do a job. When the next "big thing" comes around, as it certainly will, realize that there's no substitute for the experience of solving real-world problems in an actual business environment.

The lesson companies have learned in the past 2 years is that they can't rely on certification exams to determine the qualifications of potential employees. Nearly every company in America has a story about an employee who held the certification but couldn't do the job. Microsoft is just as guilty as the training centers for pushing its certifications as the key hiring criterion. In trying to relieve the strain on its technical support lines and sell even more copies of Windows, Microsoft touted MCSEs as eminently well suited to install, support, and manage Microsoft networks. Unfortunately for many companies, many of the high-profile security breaches that have occurred over the past 2 years have been at companies with certified administrators in charge of the networks. Even Microsoft realizes that it made a mistake.

Despite these lessons, certification still matters. But now, instead of being the one most important criterion that employers look for, certification is one of several basic requirements. If you look through the classifieds and on the Internet job sites, you'll see few jobs that don't require certification. Two years ago, companies had to offer large salaries to get employees of other companies to consider changing jobs. Today, an open position might elicit dozens, even hundreds, of resumes, most of which list significant experience and multiple certifications. Clearly, companies continue to see the value of certification as a basic tool for weeding out job applicants, but certification is now just one component of an applicant's overall skill set.

Another lesson is that training isn't a commodity. Effective training occurs only when training centers provide good instructors who share their own experiences and supplement their instruction with good courseware. If you survey the training centers in your area that have gone out of business in the past year, you'll probably find that they placed a higher value on low prices and high volume than on quality. If we accept the fact that certification is only one part of landing or keeping a job and that the purpose of training is to enhance our job skills, we must require training centers to be our partners in that endeavor. This requirement means we must force the centers to concentrate more on quality control than on filling seats if they want our money and time.

Finally, the one good lesson that the onslaught of viruses, worms, and other security intrusions of the past 18 months has taught us is that it's in a company's best interest to keep good administrators and good programmers happy. Whether these employees learned their skills through classroom training or self-study, they've proved the basic tenet of IT: You can never stop learning, because there's always something you don't know. The companies that have evaded all the viral attacks, or that have suffered only moderate consequences of them, are the direct beneficiaries of the work that their administrators have put in.

Good luck in all your efforts. And thank you for giving me some of your valuable time during the past 2 years.