Re: Security Testing Certifications (was Mile2 Training (Certifications))

From: Pete Herzog (lists@isecom.org)
Date: Thu Jul 12 2007 - 04:53:41 EDT


Hi,

> ps. Don't forget about the OSSTMM courses which are available now !!!

The ISECOM professional security tester and analyst courses
(www.isecom.org) have been running for over 6 years now and are now defined by
the OSSTMM 3 methodology. So it isn't about ethical hacking or penetration
testing but about the superset of security testing which includes elements of
both as well as tests for compliance and the RAV metrics (you can see a
video of me talking about this at FOSDEM; see
http://video.fosdem.org/2007/FOSDEM2007-SecurityTesting.ogg - you might
need to download VLC to watch it, so if anyone wants to convert it or post
it on a video sharing site like YouTube, that'd be mighty cool of you).
This all prepares you for the comprehensive certification exam and requires
that you be able to perform a security test to pass. So it is what we call
an Applied Knowledge test which means it's not just about skill but about
using what you know efficiently and precisely. Our reasoning for this is
so those who get their OPST or OPSA do really know what they're doing for a
full security test.

The certification program has been growing well but we never pushed hard in
the US market. Now most Americans end up going to Canada and Mexico or
even coming to Europe to get certified. We do now have a training partner
again in the US and even an exam center too. See
http://www.isecom.org/partners/training.shtml for details.

For those who don't know, ISECOM is an independent, open, non-profit
organization with the mission to "make sense of security." We are well
known for the OSSTMM and our security metrics but also operate and
participate in many other projects like OpenTC (www.opentc.net). Our
certification program comes from our research and has been defined by what
is correct rather than by what makes for shiny marketing material. So you
might find yourself feeling very enlightened and very satisfied by the
experience even if you have a few years of experience under your belt as
most people perpetuate mistakes and bad habits for years before passing
them on to those they mentor.

And by the way, although we never really made a big deal publicly about it,
you can grab the spreadsheet for the security metrics at the ISECOM website
as well. Instructions on using it have been put into OSSTMM 2.2 available
at www.osstmm.org.

Sincerely,
-pete.
