Simple CV Spam Filter: if (certified) move(“junk”)

Three more guys walked through the door yesterday. The first proudly wore a Microsoft lapel pin. ‘This is something new‘, I thought, ‘maybe we’ll get lucky this time‘. Two hours later, I said to my colleagues: ‘I can’t do this any more… we are just wasting time‘.

We want to hire a few more people, and some new agency is flooding us with Microsoft certified contractors. We are not looking specifically for certifications, but somehow nine out of ten cats show off with MCSD.NET. A couple of them attached MCSD.NET to their name, in the first line of the CV, as if it was their biggest achievement to date. After the interviews, that thought seems very close to the truth.

I like to start a job interview with a few easy questions, just as an elimination round. Lately, my favourite task is writing a login handler – the problem is common enough so that most people should have encountered it in their first year of work, the solution is short enough so that anyone who writes software for a living should be able to finish it in five minutes, and it has just enough code to show the writing style and flush out those obviously deviant. The problem looks simple enough to catch people off guard, but has a few subtleties which can tell if the candidate was ever seriously involved in a big software project. I appreciate that there are tools, wizards and components out there which solve this, but any would-be developer should really be able to take care of such a problem. I don’t expect candidates to know all the API details, but middleware and server developers must know the workflow and general guidelines involved with executing a DB query.

So far, of the fifty or so hopefuls, only one knew how to do it correctly (and those were the fifty that passed a CV check). And I am not talking about students fresh out of college – we are now hiring for experienced positions to help with a big project. One even had nineteen years in the industry – how he survived for that long without getting his hands dirty is beyond my imagination. I pity the companies he worked for. He first argued that the question is stupid, then started talking about how interview performance does not really reflect coding skills. Out of respect for his two decades in the industry, I tried to explain why I want him to write the stupid login, but no luck. After repeated requests to write it if he knows how, he went through the pain of staring at a blank whiteboard for about fifteen minutes and was sent home straight away – we did not even want to give him a fair trial. With his attitude, he simply could not fit in.

Hide your MCSD.NET

I don’t think that a percentage of people with MCSD.NET who cannot write a login handler is greater than in the overall programmer population, but I am really confused with the whole idea of that certification. What does it mean anyway, if a vast majority of certified developers cannot cope with a simple login? Did those three guys yesterday really expect that they will get the job just because they had some silly pins? Should not that certification guarantee at least some level of competence?

I am sure that there are some really good developers with MCSD certifications, because their companies wanted to join Microsoft’s partnership programmes, and the interview performance of those fifty guys is not doing any justice to them, even if it ‘does not really reflect coding skills‘. And it’s certainly not doing any good PR for Microsoft’s certifications.

Printing MSCD next to the name on a CV is starting to look, from that perspective, really self-defeating – first, it is obviously not a sign of competence, and second, much worse – it’s a signal that the person behind the CV thinks highly of that certification. My internal spam filter is starting to mark CVs with prominently displayed MCSD certifications as junk.

Oh, and by the way, if you are a contractor working in London, with 3-4 years of experience in the industry, know your way around C#, can do middleware and a bit of Web, and want to join an exciting project for three or six months – send your CV. You can find my contact details here (but think twice before you include any certifications).

Image credits: George Georgiades/SXC

I'm Gojko Adzic, author of Impact Mapping and Specification by Example. My latest book is Fifty Quick Ideas to Improve Your Tests. To learn about discounts on my books, conferences and workshops, sign up for Impact or follow me on Twitter. Join me at these conferences and workshops:

Specification by Example Workshops

How to get more value out of user stories

Impact Mapping

13 thoughts on “Simple CV Spam Filter: if (certified) move(“junk”)

  1. Writing a login handler is not a trivial task.

    I am assuming you wanted code for ASP.NET forms authentication, and your candidates knew this. But there are lots of other possibilities – any system with either more than 1 user or more than 1 machine can have some concept of a login. However I don’t feel sorry for candidates confused by the question who failed to ask more details.

    There are still a lot of non-trivial parts to this. How secure does the app need to be? How fast? How many users? Can you use cookies? Do logins timeout? Anyone with experience will tell you even though the login code looks trivial, they have had difficult problems related to it at least once.

    I would avoid anyone putting anything after their last name other than PhD (or something arguably on the same level). A good candidate would never do this, unless maybe just because they thought it was what you wanted to see. It is very easy to tell the difference over the phone.

  2. Sure it’s not a trivial task – that’s why it is so good for the interview. Depending on who we are interviewing, the task might start more database focused or more web focused, and can then continue in various other directions. All those questions you listed are very good for the discussion, but sadly we do not get there very often.

  3. I’m not sure exactly what the task entailed because your description was very vague, but I wouldn’t expect anyone to be able to “finish it in five minutes.” Your expectations don’t seem very grounded in reality.

    Good luck with your hiring…it could be a while.

  4. I’m an MCSD.NET myself, and while I admit that the cert is not so hard to get and having been certified does not necessarily mean you are a good developer (only mean you know a bunch of library calls, features of .NET and VS.NET etc., not A&D skills, or), the fact that you can pass it means that at least you know s/t or two about the .NET framework and you are willing to spend some of your extra time studying to gain more knowledge. I studied for the exam during undergraduate school, and it really gave me certain advantages in job finding over other new graduates.

    Some people care about it (the partnership program is among the reasons), other do not. For those who care, the cert adds some credit to the candidates. If you do not care about it, fine, just do the damn interview as if you did not see the word MCSD.NET.

    That’s what I do when interviewing people, I do not care about their MCSD.NET (not all certifications though, the CJD looks okay to me, because at least the CJDs know how to code and design, not just choosing A/B/C/D), and only focus on real programming knowledge (those gained from experience or from Code Complete, Design Patterns, Refactoring etc.) – but I do not fail them before interviewing them just because they have a cert in their belt.

  5. Boy I hate interviews with people like you. I don’t know how to write a login script. You know why? Because I know how to find 700 examples of how it was done before. You wrote it in 5 minutes? I found it in 30 seconds in my code library or on Google. Oh, I can’t use that in my interview, I guess I fail, too bad for you. I’ll go work somewhere that will appreciate my forethought.

  6. I wouldn’t be able to write a secure login handler from scratch in 5 minutes myself. I don’t know anyone that can.

    I guess I’ll just be stuck writing code for this dumb satellite.

    If only I could instead be an html coder at one of those gambling sites that’s been banned in most of the world for engaging in illegal activity and flaunting international laws.

  7. vrodguy,

    There is a big difference between not being able to write a login system from scratch and not having done it before.

    The interviewer doesn’t want to know whether you can use Google or if you re-use code components, he wants to know your level of understanding of the most universal component of a multi-user app. He also wants to see if you know your development framework. If you fail at either of those basic tasks, then he can quickly know that he doesn’t want you anywhere near the demanding parts of an app and has saved himself from wasting a complete interview.

    Take your attitude and go work someplace far from me.

  8. David Maculay,

    You’re correct – a decent login system takes longer than 5 minutes from scratch – if there is a framework where 5 minutes is realistic I want to know about it (hint: it ain’t .NET). If the interviewer really thinks this can be done in 5 minutes, then we’ve weeded out an undesireable position in the job search.

    I think it’s possible that, with modifications, this test could be of use. Off the top of my head:
    * have the applicant spend up to 15 minutes coding a basic login system (does the applicant have rudimentary competency?)
    * discuss the new code, its limitations, and what is necessary to complete the login system (does the applicant understand the functionality and security requirements?)

  9. Hi Jer

    If the interviewer really thinks this can be done in 5 minutes, then we’ve weeded out an undesireable position in the job search.

    I typically structure the questions so that the initial task can really be done in 5 minutes, if you know what you are doing. For example, if the candidate is applying for a middleware position, we would set the stage by explaining the underlying DB objects and the first task very would be simplistic – for example writing the body of bool IsValid(String username, String password, DbConnection dc).

    I don’t expect anyone to know all API details (though they will get extra points for that), but anyone who regularly writes code to access a database should know how to do it in five minutes. People who just use wizards or do not access DB regularly will need a lot more time and help – so we can see straight away if someone will fit into our teams.

    Once that obstacle is out of the way, we can continue talking about password hashing, changing the method to return the user ID, throw different exceptions when just the password is incorrect and when the username is not valid, keeping the user authenticated for the session etc.

  10. Well now you tell us :). That does seem more normal and it makes ( IMHO ) for a very interesting interview.
    It’s also allot different than “writing a login handler in five minutes” 😀

  11. Hiring good IT professionals is actually quite easy (and quick, too), if you know what you are doing. An IT professional’s intelligence is commensurate with his understanding of the most important trend in IT today (TMITITT). If he knows a great deal about TMITITT, then he is probably very smart. If he knows little about TMITITT, then he is certainly stupid. Hence, you need only ask some questions about TMITITT. This process should not take more than 15-20 minutes, and can often be done over the phone.

Leave a Reply

Your email address will not be published. Required fields are marked *