RE: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer

From: Marc Munk (marc@pungloppen.dk)
Date: Mon Jul 31 2006 - 18:31:27 EDT


At the looks of it atm I've been lucky enough to be given a chance to
get into one of the biggest consulting houses here in Denmark. I count
on this to give me some much needed experience with the everyday network
work. Which I imagine would be needed as a security consultant. I might
add that pen-testing isn't one of the areas I'm hoping to work with.
But I do expect that I'll have to do some of that. The areas I would
like to work with are perimeter security and wireless security. And the
forensics area sounds pretty interesting as well.

-----Original Message-----
From: Nathan Sportsman [mailto:nsportsman@gmail.com]
Sent: 31. juli 2006 23:13
To: Marc Munk
Cc: ajindal@alumni.cmu.edu; pen-test@securityfocus.com
Subject: Re: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC
Address Changer

All of my fellow peers who have graduated with a B.Sc. in Computer
Science or Electrical Engineering from a reputable school have had no
problems finding positions at top tier companies with or without
experience or certifications. However, the majority of us did have an
interest in security and had voluntarily tied ourselves to various
projects over the course of our undergraduate education. Whether it
was as a contributor to an open source project, a frequent poster to
bugtraq, or an officer of the local IEEE com chapter, we all had a way
to demonstrate our abilities technically and back it up. Experience
can come from a number of places and it's up to you to show it. This is
especially true when you are a recent graduate. In the end your
involvement in the community will speak for itself. That coupled with
an ability to breeze through any technical interview should be more
than enough to get you in the door of that first job (or at least it
was for my peers and I).

As for the CISSP, I took this certification a couple of years ago and
thought it was a complete joke. I thumbed through the material of one
of those prep books for a few hours the day before the exam and was
able to pass it no problem (it's multiple choice by the way). Also if
you do have a degree that counts as one year of experience, so now you
only need another 3 years before you can take it. You could probably
pass it now though, it is not a difficult test. Anyone who says
otherwise is selling something, a nontechnical manager/hr rep, or not
very bright. That being said, I do still include this on my resume for
padding purposes as some jobs will not consider you unless you are
certified. However, as mentioned on this list that will only get you
through the HR recruiter. Once the interview moves on to second phase
and you meet with the technical lead of the group, this certification
will hold little to no value. What will count is your expertise and
experience which will be ascertained then. This also all really
depends on what you want to do. The research and development community
probably places the least value on certifications whereas consulting
and services probably places the highest value on certifications.

Thanks
Nathan Sportsman

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:28 EDT