From: Lee Lawson (leejlawson@gmail.com)
Date: Fri Jan 19 2007 - 05:46:50 EST
In addition to some of the comments about the 'worth' of these pen
testing/ethical hacking certifications, I'd like to add my thoughts.
I have never thought that a certification automatically means that the
holder can do the job that the certification refers to.
Certifications, in my opinion, do not win you a job, contract or
respect.
But... the HR manager or recruitment agent has no idea what kind of
background and experience would make the perfect candidate, they don't
know their 'deep packet inspection' from their 'covert backdoor
entry'. They have to rely on what you have on your Resume, which
includes your experience and background, but if it clearly states that
you are certified in a related subject, or an exact title replication
(applying for a penetration tester job and you are a certified
penetration tester etc), then they are more likely to bring you in for
an interview.
After that, you have to impress the technical staff with your
knowledge and skills.
The certification will open doors, your experience and knowledge will
make sure they don't kick you out after that.
Aside from the certification discussion, which has had much exposure
on this list (remember the CISSP discussion?), let's talk about the
courses.
As far as I'm concerned, if you want to get into this line of work
there is nothing better than an instructor led environment with good
structured lessons about subjects that are core to the role. If you
are a programmer or network engineer, then you need someone to aid you
in looking at security from another perspective, that's difficult to
do! Yes, there are people that can learn from books, internet sites
etc, but I find that hard. If the course is well written, kept up to
date (within reason) and covers the base subjects well so that any
student gets a good kick start into the industry, then the course has
done its job. The instructor has a different role to play, they need
to be massively knowledgeable on the subject and course content. They
also need to be engaging and interesting, not the complete geek that
most outsiders believe that this industry is filled with!
As for choosing a course to enrol upon, that's difficult. The best
way is to ask around. That's one of the advantages of this list, you
can ask other experts for their opinion. The only problem you might
get is that this list is full of people that have been in the field
for a few years and have become cynical about courses training people
in their field.
I would recommend that you:
- ask for a full course description, including daily timetable (so you
  can see how much time is dedicated to any subject)
- ask for an instructor resume/bio. (you will want a good instructor
  with real world experience)
- ask for any student comments (but take them with a pinch of salt)
- ask around, post questions on forums etc. Try to gauge the public
  opinion of this course.
later,
On 1/18/07, "Lee Haynes" <lee@carleeprotection.com> wrote:
> Sparky,
>
> I just want to add my opinion to the debate!!!!!
>
> I am currently studying through the CEH syllabus using the CBT videos of career
> academy on behalf of Mile2.com by Ken Mayer, and I am attending the CSTA course
> in February this year and am finding the videos along with my own home built lab
> a great learning tool.
>
> From a personal note I can watch the disk, learn the concept behind what is
> being said then review the manuals and slides then try the exercise in my lab, be
> it inserting a back door through Metasploit or running a scan on my network,
> enumerating through null sessions whatever, I think that because I am dyslexic
> and have an issue with academics this is a great way to learn and when I attend
> my course at least I like many newbies will have a better understanding what
> the instructor will be saying.
>
> It may not work for everybody but what do you have to lose, you can get VMware
> software, OS and videos off eBay for a cheaper price if you buy them from an eBay
> power seller like I did, then build the lab, install the software, run the
> disks, print off the manuals and pen test until you are blue in the face.
>
> With regards to training schools every person will have their own opinion when I
> decided to go with the training people I am going with; I called different
> training centres and schools, got their feedback reviewed the site and made an
> informed decision from there.
>
> Good luck with your training.
>
> Lee
>
> on 15/1/07 5:41 PM, 09sparky@gmail.com wrote:
>
> > Hello All,
> >
> > I just had a quick question pertaining to Penetration Testing Certifications.
> > Has anyone taken or heard much about Mile2 Training? They provide two training
> > courses/certifications "Certified Penetration Tester Specialist" (CPTS) &
> > "Certified Penetration Tester Expert" (CPTE). I was wondering what others in
> > the field thought of these courses/certifications. They don't seem to be widely
> > recognized yet, but (is that going to change)? I took the CEH course a few
> > years ago and was thoroughly disappointed with the content and the course all
> > together. I was wondering if Mile2 was different.
> >
> > Any comments/suggestions?
> >
> > Thanks,
> > Sparky
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> >
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> > ------------------------------------------------------------------------
--
Lee J Lawson
leejlawson@gmail.com
leejlawson@hushmail.com

"Give a man a fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life."
"Quidquid latine dictum sit, altum sonatur."
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:32 EDT