Re: CREST or TIGER?

From: Danny Fullerton (dfullerton@mantor.org)
Date: Thu Oct 18 2007 - 19:33:01 EDT


Hi,

from my point of view, among security professional, xyz certification
won't mean anything and so does university degree. I've been working
with CISSP, computer science PhD, CEH, CISM, GIAC and others guys and
found that my opinion about there competency in computer security cannot
be based on those. The only common denominator I found among the best
was passion.

If you think you need some sort of certification to be taken more
seriously, you should consider questioning the way you work/collaborate
or introduce yourself.

I cannot speak for everyone but personally, for the time I've been
working in computer security, the little letters following names have
lots all credibility. The only time it looks quite important and finally
worth something is with people outside the security community (e.g.
executive, human resource).

This is only my opinion, no offense.

---
Danny Fullerton, xyz
Founder
Mantor Organization
EH wrote:
> All, I would value your opinion.  I am trying to make a comparison
> between the 'new kids on the block' in terms of pen tester
> accreditation here in the UK, CREST and TIGERScheme,  for my
> organisation.  So far I've come up with the following information.
>
>                                       CREST            TIGER
> An existing examination      No                  Yes
> Independent of suppliers      No                  Yes
> End user driven                   No                  Yes
> Not for profit                       Yes?               Yes
> Applicable to Individuals      Yes?              Yes
> Company standards            Yes               Yes (CCTM)
> Career path                        Yes?              Yes
> University standard              No                Yes
> It seems that the TIGER Scheme www.tigerscheme.org is fully up and
> running and accrediting individuals already plus it is a University
> based examination which CREST www.crest-approved.org is not.
>
> I see from the CREST website that they are in support of the often
> maligned multiple guess CEH examination and will 'grandfather'
> individuals into the 'CREST approved' scheme if they have CEH.  Now I
> am a CEH [amongst other things I hasten to add] and I sat the exam in
> early 2003.  It was taken reasonably seriously then but it seems that
> the pen test communities opinion of the cert has deprecated somewhat
> over time ... so is CREST a re-branded EC-COUNCIL?  If so will they go
> the same way?
>
> To grandfather into TIGER at the lowest level of certification you
> need an approved MSc in Computer Security.  Basically any certs I
> recommend for my organisation I want to be taken seriously now and in
> future. I am heavily leaning towards TIGER.
>
> Your thoughts?
>
> Thanks in advance.
>
> EH
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
>
>   
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:10 EDT