Re: Re: Re: CREST or TIGER?

From: cwright@bdosyd.com.au
Date: Fri Oct 19 2007 - 19:39:24 EDT


Danny,
I do not know you personally, but you have stretched your neck out and I am in one of those moods.
I have many certs, Degrees and accreditations etc. I have over 20 publications (peer reviewed) and even a couple books. This includes being one of the VERY few people with a GSE (mine being the only GSE in compliance). [Forgive the self promotion, but I am getting to a point]. What I personally do is try to round out my skills. I have enough tech skills to cover most things. These have been tested by comprehensive long-term evaluations, publications and training. [Gratuitous plug for those people in Australia looking @ SANS Training there is a staysharp session in Sydney in Nov and AUD507 as a mentor session in Jan 2008 that I am leading].
I round my tech skills by learning outside of IT. I have Post Grad Management and am completing an LLM (Masters in Law). Certs are a way to demonstrate that you still learn and have some level of measurement to a standard.
Looking at your CV Danny, (http://dfullerton.mantor.org/) and page I see that you have completed a couple GIAC certs. You also seem proud of this – as you should be.
“Members new certifications
Danny Fullerton has complete GCIH and GHTQ certifications (Giac Certified Incident Handler and Giac cutting edge Hacking Techniques respectively).”
So does this mean that you know all? Are you at the pinnacle of all there is and can talk on all topics? I see that you do not have a CISM. It is easy to decry the failings of something you do not have. To state that it shows nothing, but this is when you err. It demonstrates a minimum competency in a security management level of knowledge. Does this mean that managers need to be hands on? No, it means that they know a base set of terminology needed to talk to IT techs. This is not the same thing. The same with a PhD, a PhD is proof of expertise in an area. What the area happens to be is what matters and this does not mean security – it means a focused area.
My first doctorate compared the mythos and origins of Greco-Roman and pre-Judaic belief structures. So I guess that this has no relation to security. On the other hand the couple masters degrees in IT do. Even then, the doctorate has helped my security career. It provided me with research skills and rounded my writing.
So where does this all lead? Not all certs are equal. They are popping up daily. The main thing is to:
1. Demonstrate that you continue to learn. Peer reviewed papers, certs and other learning help show this.
2. Stay fresh. That cert you completed 5 years back – what have you done to maintain it? Is it a standard “get a helpdesk job” one – or a premium one? How long has it been around? Is it international?
I am old enough and ugly enough to be able to “bitch” to and about management – after all – I am management (even if I maintain my tech skills). However, remember that all these posts are there for HR to read (Hi HR person :) for MANY years to come. What we state now regards these things may come to haunt you in the future. It is easy to state I do not care on a list. When however, you also have a web page contradicting this assertion, then there are conflicts in the story.
People outside the security community are the majority. This is a good thing to remember. We are effectively “helper parasites”. We offer the services of a communal antibody or T-cell macrophage. We can make life easier for those non-security people, but we cannot live without them. They however can survive without us (though in a more limited fashion). Something that people may wish to remember in security.
Regards,
Craig Wright
GSE-Compliance




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:10 EDT