On 11/26/05, Valdis.Kletnieks@vt.edu <Valdis.Kletnieks@vt.edu> wrote:
On Sat, 26 Nov 2005 09:52:13 +0530, R S said:
Hint: Compare how much of technical advancement has happened in the
security field because of published GIAC papers compared to real
technical papers coming out of academia.
On the other hand, most companies are hiring people who understand how to
use *current* knowledge to secure things and help the bottom line, not do
research.
When I take my car in to be serviced, the fact the mechanic has his sheet
on
the wall saying he's completed the vendor training on the engine, exhaust,
air conditioning, and brakes for my make of car tells me something. I
don't
need Enzo Ferrari fixing my fuel injection.
Yes. You are very right. But you are comparing getting a training from
Cisco on Cisco router to getting a very general certification from
Sans saying you are a security expert.
If you are a qualified mechanic who work on different makes and models
and you are hiring a car mechanic to work for you would you hire
someone who can show they can do any job you throw at them or someone
who just touts that they have a specific certificate from a specific
vendor? As a non-technical car driver I may be impressed by seeing
the certificate from the vendor on the wall.
Again this may not be a good comparison because if you take
automobiles there are enough nuances that are very specific to a make
and model that you need training from the vendor to even know what's
wrong. It should be the same way for security. If there is a cisco
firewall protecting your network it may be nice to know that a person
trained by cisco is setting it up rather than a "security expert" with
a generic sans certification - though that should not be the only
criteria because yor network is just not that cisco router.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
