Re: Pen testing and employment

From: Pete Herzog (lists@isecom.org)
Date: Tue Mar 28 2006 - 04:07:58 EST


Hi,

Disclaimer: I work for ISECOM

You may want to look at www.opst.org and www.opsa.org. You can find
information about the only two, current, skills and applied knowledge
certifications for security testing and analysis. There is certainly no
end to the requests we get for OPST and OPSA certified people and in most
places they get hired faster than we can certify them especially where
government and industry regulations require that certification for
employment or advancement. For example, in the U.K., the certifications
are growing just as a vetting tool (employers requiring proof of
ability).

I have to warn you though, neither is easy. Both require you to do live
testing and analysis work against real systems in a proper, controlled
format (think scalpel not broadsword) under time pressure to prove that
you know what you're doing. Many people know how to point and shoot
tools but have no idea what's really happening from the shooting to the
tool's interpretation. Furthermore, many people lack the critical
thinking skills in security to discern fact from fiction. OPSA and OPST
are ways to learn that. You can look at the website for courses or just
study on your own. You can also bring all your notes as they're both
open book exams. The important point is that you can do it correctly in
the time allowed.

There's a lot of flashy certifications out there for ethical hackers and
penetration and security testers and these aren't them. But these are
the only ones from an independent non-profit and that actually focus
certification on your ability, applied knowledge, and ethics in such a
package. It's probably why they've grown so fast in the last 3 years.

Sincerely,
-pete.

leehaynes@carleeprotection.com wrote:
> Hi,
>
> Can anyone help? I have been involved in system testing for about the last 18 months, and would now like to work as a pen tester.
>
> I am applying for junior pentest roles and they ask me if I have any pen test experience. I tell them what I have done and then they ask me for my CV.
>
> After receiving my CV they tell me that I have no pentesting experience. I suppose what I would like to know is:
>
> Are pen testing and system testing one and the same or are they different, because after a quick search on the net they appear to me to be the same.
>
> Can anyone answer my question?
>
> Thanks
>
> Lee
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> As attacks through web applications continue to rise, you need to proactively
> protect your applications from hackers. Cenzic has the most comprehensive
> solutions to meet your application security penetration testing and
> vulnerability management needs. You have an option to go with a managed
> service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
> Download FREE whitepaper on how a managed service can help you:
> http://www.cenzic.com/forms/ec.php?pubid=10025
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com
> ------------------------------------------------------------------------------
>
>
>

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:45 EDT