Re: InfoSec certification EC/BackTrack?

From: Pete Herzog (lists@isecom.org)
Date: Wed Mar 05 2008 - 16:00:01 EST

• Next message: davemitch@mailinator.com: "post-discovery in web vulnerability"
• Previous message: JD Lampard: "Reconnaissance"
• In reply to: Joseph McCray: "Re: InfoSec certification EC/BackTrack?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

Joseph McCray wrote:
> No this is not a shameless plug from a guy that runs a security training
> company.
>
> I would say that you want to make sure that you have the background for
> the job more so than the certs. I'm not saying that you shouldn't get
> them - they do have quite a bit of merit especially considering that
> people often doing the hiring really aren't very technical so the certs
> will definitely get you an interview.

As often is the case, I find it difficult to disagree with Joe. But I think
there is a small problem with work experience-- it's only good if the
experience is NOT created by layers of bad information and security myths.

Many of the salty dogs of the security world today come from varied IT
backgrounds because there were no security courses or certifications to
stumble out of whenceforth one "sees the light". But unfortunately those
who gained experience after the introduction of knowledge-based
certifications were peppered with "best practices" which grew into myths as
they were extrapolated into areas of IT security that they made no sense to
be in or became outdated as technology advanced.

Certification, the skills kind based on solid security research and not
general practices or a monster manual of tools and scripts (and yes I work
for ISECOM so I'm differentiating here), can actually prove the
practitioner has learned to tell security fact from fiction, a key element
for any security employee.

And by the good kind, I'm referring to the OPST and OPSA... just in case
some of you didn't catch that.

Sincerely,
-pete.

www.isecom.org

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: davemitch@mailinator.com: "post-discovery in web vulnerability"
• Previous message: JD Lampard: "Reconnaissance"
• In reply to: Joseph McCray: "Re: InfoSec certification EC/BackTrack?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:26 EDT