Re: WebServices Testing

From: Jamie Riden (jamesr@europe.com)
Date: Fri Oct 06 2006 - 17:19:18 EDT


[NB: I'm not explicitly not commenting on dallas' skill, since I have
no way to gauge it]

On 06/10/06, mailing lists <bofn@irq.org> wrote:
> and instead of getting someone who does know how to, you prefer to fumble a bit.
> doesn't seem to take much to get those 'GCIH, CISSP' certificates.

CISSP is a broad qualification rather than a particularly deep one and
I certainly wouldn't hire someone to do a pen-test on the basis of that
alone.

> sorry about the flame..
> But... this is why the infosec bizz has become cowboy territory rather than a serious
> profession.
> and it ticks me off a bit, knowing that those who have put in the effort of learning how
> it all really functions inside, are getting a bad name from the "just sell it first, and
> then figure out later how to do it" types.
>
> the times that we have looked at companies after they were certified secure, by cowboy
> companies, and found endless amounts of flaws and serious holes, seems unreal, but is
> fact.

Like this? http://blog.wired.com/27BStroke6/index.blog?entry_id=1563286
'Report: TrustE Sites Twice As Likely to Be Bad Actors'

The trust you place in the certification is only as great as your
trust in the certifying authority, which as we see above can take on
negative values :(

cheers,
 Jamie

-- 
Jamie Riden, CISSP / jamesr@europe.com / jamie.riden@gmail.com
NZ Honeynet project - http://www.nz-honeynet.org/


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:09 EDT