It is the individual that HR should look at. When it comes to HR, the more
seasoned HR professionals look at past experience, college, and certs. Again
hiring practices weigh a combination of qualifications. Experience can prove
the greatest asset.
-----Original Message-----
From: Benson, Sean M [mailto:BensonS@state.gov]
Sent: Friday, May 12, 2006 9:31 AM
To: McLaurin, Timothy
Cc: pen-test@securityfocus.com
Subject: RE: CISSP-ISSMP
Case in point:
You've got a B.S. in infosys, yet due to the certs, you have to go get them to
break through the HR barrier.
You've put in ~4 years, paid thousands, and have been given all the basics, you
should be hired and tutored and begin your career. (as you would have before
certs really exploded on the scene.) but instead, after all that accredited
schooling, you have to go out to some (maybe) sleazy tech school and get a cert
that means little. Which side are you a victim of?
Bob Smith goes to a trucking school, decides it just too damn hard. Luckily the
school also teaches Security++, and he's good with XP so he switches to that
instead, and uses a cheat sheet to pass.
Now,
What's the sense in the HR director passing forward his resume and not yours?
You both have the same work experience.
I'd much rather interview you, but the HR director reads "HR&PHB Monthly",
which says Security++ is TEH Cert for '06, and files you in unacceptable.
Straw man argument, I know, but still.
That is one broken system.
Good luck, Tim
Strive to be wheat not chaff.
sbenson
-----Original Message-----
From: McLaurin, Timothy [mailto:tMcLaurin@citi-us.com]
Sent: Thursday, May 11, 2006 2:41 PM
To: pen-test@securityfocus.com
Subject: RE: CISSP-ISSMP
Yup, I'm that guy.
I know a lot of you feel that certifications mean nothing now-days. But I
think that you guys are looking at certs through a different filter. If I
didn't go out and get an MCSE I may very well still be working at Circuit City
even with my B.S. in Information Systems. Before I got my cert I got less than
a bite for my hundreds of resume' submittals. Before I got my CCNA I didn't
even get the opportunity to touch a router or a switch.
So yeah, I still don't know how to do certain fundamental things but how will I
get the opportunity to learn if no one gives me a shot without a cert.
I'll be the first to admit that I don't know a lot about a lot....I'm trying to
break into security now and I'm having a hard time figuring out where to
start...so I go back to what got me where I am so far....certifications.
So it's all relative. Certifications still have their value for some. But we
need to invest more in people than in paper.
-----Original Message-----
From: Benson, Sean M [mailto:BensonS@state.gov]
Sent: Thursday, May 11, 2006 10:09 AM
To: Serge Vondandamo; pen-test@securityfocus.com
Subject: RE: CISSP-ISSMP
Two words. Test king.
All you addressed can be seen in a descriptive resume.
I find some people I've interviewed have certs but no real world experience to
back it up. and when you ask interview questions, it's usually a test-king type
answer.
Rote-memorization is no replacement for the Geek gene.
A couple of years ago I was working in Central Asia, I went to a Sylvan
certified learning center and asked to take a test.
It was $100.00 plus $50.00 for the guy who would be taking the test for me.
They were shocked I wanted to take my own test.
After all, as the guy stated: "Dimitri scores so high, it's better for you."
In the U.S., it's normal to see a test king poking out from the study guide of
a lot of students in certification classes.
It's a duck shoot.
If the guy has a buttload of certs, but 4 months experience doing simple
telephone support work give him a chance, ask good questions, find out if he
really knows his stuff, if he does, hire him.
On the flip-side, don't block out the guy who works so hard at an ISP he
doesn't have time to study.
I know computer gods who don't have some certs because they are working in the
field. Theo de-Raadt, Linus Torvalds, Andrew Morton, Andrew Tridgell ad
infinitum... These guys wouldn't get a resume in the door if there's certain
certification requirements.
sbenson
(Disclaimer: Theo would probably drive his car (or bike)through the front door
of the business and get an interview.)
-----Original Message-----
From: Serge Vondandamo [mailto:serge.vondandamo@wanadoo.fr]
Sent: Wednesday, May 10, 2006 10:29 PM
To: Benson, Sean M; pen-test@securityfocus.com
Subject: RE: CISSP-ISSMP
All,
I don't know if people contributing in this thread have gone through recent
certification process or not. Believe me; the process itself adds value to the
person taking it. And that is where HR sticks.
Before even the idea to be certified will start arising, one must have known
the materials and touched the technology. I don't believe that a carpenter will
wake up in a morning and start thinking about getting certified as a security
professional and earn the certificate without knowing the materials.
I agree that old certs exams used to be fancy and easy and, that some folks may
have limited understanding of the concepts and hands-on skills but one thing I
am sure is that, they KNOW the materials! And going trough a cert process will
help them improve, increase and fill the gap!
So, by the time they got certified they surely gain more in their understanding
and use of the materials.
That is why HRs like certified people and that is also why the industry wants
us to be certified.
Make no mistakes here, knowing the materials only is not enough, one must go
trough a certification process and get certified.
I am proud to be a certified security professional :)
Serge Vondandamo, CISSP, CCNA
-----Message d'origine-----
De : Benson, Sean M [mailto:BensonS@state.gov] Envoyé : mercredi 10 mai 2006
16:32 À : pen-test@securityfocus.com Objet : RE: CISSP-ISSMP
All,
I think there's a point that was touched upon but not followed through.
Certs are sort of new to the scene. (relatively)
I'm certified out the wazoo, but I hardly even mention it.
Why? I have a resume and references.
Certs are a multi-million dollar business, from university of phoenix MCSEs to
Certified spyware inspectors. It's a scam.
Learn a useless cert from a useless certified instructor because network world
said this is needed and your furute PHB read the damn article.
Unfortunately we will have to do it until people get wise.
And as it's HR pogues and PHBs that we are waiting for, it may be a really long
time.
I've been around since Noah's animal inventory system version 1.0 was first
fuzzed.
and I can give one peice of advice:
Do good work, study constantly, learn the systems, keep your references and
resumes up to date, and when enough certified boobs break things, then it will
be the resumes/references that help separate the wheat from the chaff.
sbenson
BOFH+
-----Original Message-----
From: Craig Wright [mailto:cwright@bdosyd.com.au]
Sent: Tuesday, May 09, 2006 4:57 PM
To: Bob Radvanovsky; Nathaniel Hirsch
Cc: pen-test@securityfocus.com
Subject: RE: CISSP-ISSMP
Hi,
Although I agree with much of what you have said, it needs to be taken into
context. Unless there is some focus on the question, there will be no
correlation to the answers.
First as to not wanting ""generalists". They want "specialists"." This is
wholly dependant on the organisation, the size and the focus. Whilst true in
many larger organisations, it is generally not so in SME's where a limit to
staffing precludes having a specialised IT function for each IT discipline.
If you want to get more money this is another issue. I have never received a
job or a pay rise for industry certs. Any rise that I have received would have
occurred either way. Having completed a MMgt (Master of Management, similar to
a specialist MBA) I have found that this has aided my career more than any of
the certs.
From a point of view of risk and security, the LLM I am currently completing
has added far more value to clients than any of the certs, and thus helps my
career more. It is amazing how much more you can get done arguing legal and
contract requirements with an outsource vendor than trying to enforce firewall
rules etc on a purely technical basis. For those out there wanting to get into
the Digital forensic sciences, a law degree or two will do more for your
career than a whole bag of industry certs.
A PhD will get 5-10% (averaged) income greater than a standard Masters of the
same discipline. As far as cost effectiveness, the time to undertake the degree
and the costs associated with completing it make it unlikely that you will earn
more over your life. Why do it? There are a number of reasons. Myself, I am
involved in both industry and academia, and for the most part I enjoy a mix of
business and academic life.
Statistics training should be a requirement PRIOR to allowing people to spurt
off on their interpretation of statistical data and it should be mandated
before people are allowed to start one of the generally flawed studies that
abound.
So why do "I" pay the extra for an ISSMP (which incidentally I do not use on my
card etc). Because I wanted it. Because I can deduct half on tax and have the
other half paid for anyway.
Regards,
Craig
PS As for research masters and esp. doctoral degrees, I have had 1 employer
(ever) read any of my dissertations (and he only read the first 3 chapters). No
client that I know of ever has. Even than, like most people in the industry
with doctorates, my doctorate is not in IT, so all it shows is "advanced
research" training.
-----Original Message-----
From: Bob Radvanovsky [mailto:rsradvan@unixworks.net]
Sent: Tuesday, 9 May 2006 11:30 PM
To: Nathaniel Hirsch
Cc: pen-test@securityfocus.com
Subject: Re: CISSP-ISSMP
This doesn't surprise me. Nor does it surprise me that now, many people are
finding out that their certifications are either meaningless, or have
significantly less value than what they were lead to believe. It is almost
like 'snake oil salesmen', promising a cure to an ailment that sassafrass oil
doesn't have any medical correlation with. Certification companies stipulate
that certified people have a better chance at getting jobs -- not true anymore.
A recent survey concluded that people *are not* getting those jobs based upon
their certifications. Some companies stipulate that certifications may get you
more money in places you are already employed. Again, not true. I have known
folks who have passed their CISSP -- or whathaveyou -- certification, only to
have IT management say "that's nice", and move on. They're still doing the
same job, with no pay increase, and no job structure realignment.
Can't say that I've told many of you that "I told you so" -- but -- "I told you
so". ;P
What companies want are well-rounded people (not literally; if we did, we'd
have a seriously huge problem here) with a balance between education,
certification, experience, know-how, abilities, and willingness to 'do the
right thing'.
Many 'security jobs' are nothing shy than that of an overly glorified 'security
guard' job: you sit in front of a desk, and *wait* for a telephone call or
alter to pop up on your monitor screen. It is purely RE-active, not
PRO-active. People feel that if they get a certification, that they will get a
chance at the glitz and glamour, see the sights, and most importantly, get
paid...well. It's all a lie. You are just another 'security monkey' to The
System, and your role is one of thousands to fulfill a role for something else.
Sure, they want you to get your CISSP (and if you read/listened to what you
said, you might understand what I'm saying here, friend) so they can charge
more for your efforts. The key words here are "charge more for *your*
efforts". Does that mean that *you* will get paid more? Doubtful. If at all,
all you've done is justified your existence in that organization for an <X>
period of time, before they either don't need you any longer, don't want you
any longer, or plan on selling your company. The fact is, you, like so many
out there, believe that all of this will save your sorry butts, prevent you
from getting laid off, and get you some more money. I'm sorry, but in the
world today, that's just sooooo wrong.
Today's scale of economy doesn't work based on the hard work ethic principle
any more. It's much, much different now: "How can I make as much money as
possible, doing the least amount of work possible, while retaining the least
amount of people possible?" Those kinds of questions are what's going through
your manager's or their manager's minds. There are a few "pockets" out there
that reward people for their hard work and efforts. But let's face it,
Corporate America doesn't care, except for 'bottom line'. That's it. Nothing
more.
If you get a certification, or an education somewhere, that's nice. Good for
you! You got it because you *wanted* to get it, because you feel that it's
something that will help you, both externally and (more
importantly) internally. Not because you *think* you will get more money. If
your *sole* purpose is to get money, you're doing it all for the wrong reasons.
The certification companies *want* you to believe the money idealism at all
costs, and, of course, *charge* both you and organization for getting there.
Of course, if you don't get what you want, you can come back, and take another
class, and another, and another...
Let me share a few insights with you...
I have several degrees, including a Masters of Science degree, with close to 28
certifications (not all are IT-related). I've been in this business for OVER
28 years, and have seen all sorts of flim-flam artists come and go, and people
promising the sun, moon and stars. The certification folks provide *some*
utility, but not for what you think it's for. It's a 'weeding mechanism'; that
is, when you get tired at your currently lillypad, and decide to move to
another lillypad, and there is a tie between you and another candidate, the
recruiter or HR person will look at *both* of your qualficiations and see if
there is something that stands out between the two of you. If you have a
certification, and they don't, and the job stipulates that a certification is
"recommended", it's simple: you -- more than likely -- you might get the job.
But then, I've seen other factors play into things, too. Some companies are
cost-conscientious, where 'bottom line' rules. If the other candidate is a
senior-level technician, has 15 years exerpience, and wants $80,000, versus
someone else who has 5-7 years experience, and wants only $55,000, then it's
really a moot point. No matter what the person has done, or is capable of
doing, companies will make a decision based *solely* upon the salary and NOT
upon the job qualfications (which I have seen soooo many times in the past).
Also, most recruiters are considered 'technical idiots'; that is, they know
some of the lingo and terms, but cannot figure out if someone is performing a
'snow job' on them or not. In most cases, it comes down to the hiring manager
to help filter through all the junk, to determine if someone is (truly) trying
to pull a fast one on them. Sooner or later, the truth comes out if that
individual is trying to pull a fast one, but lately, it doesn't seem to work
any more. Also, recruiters and HR people have 'quotas' -- of course, they'll
deny that they have quotas, but this is bunk. How many times have you applied
for a job, only to find out that there are 6 other ones like the one you are
applying for, different titles, all pointing to the EXACT SAME JOB? This
phenomenon is becoming more and more prevalent these days, thanks for online
job-boards such as Monster of Hotjobs. And, of course, recruiters want you to
work with them because of the 'exclusivity' that they have to offer.
Rrrrrrrrright. The *best* jobs -- believe it not -- never make it to the
recruiter's organization. What the recruiters get are the 'scum jobs' -- the
hard-to-fill jobs that no one can, or will want, to fill. They are simply
trying to find a person, who matches <X>% of the qualifications, to fill that
role. Period. End of discussion. It's all a matter of economics.
I currently work with a 'technical idiot', but this person is shrewd and
cunning. They leave just minutes before an event happens, often times, leaving
me to do all of the work. We are a 'team' -- so long as I do ALL of the
technical grunt work, while he gets to attend meetings and drink coffee all day
(yes, it's striaght out of Dilbert, or the movie "Office Space", if you've ever
watched it -- excellent movie). Doesn't sound fair, does it? Life isn't fair,
and neither is working in a corporate environment. Get used to it, kiddo.
You're going to see more and more people who have a 'technical IQ' of an ant,
but the prowisness and cunning to that of a puma. Not all IT or IT security
people actually *know* what they're doing. That's why they've got...you.
Many of them, are nothing more than 'paperpushers'; most of them rely on people
like *you* to do the job that they *should* be doing, but fill other roles like
'customer relations'. Sometimes, it works for the better. Many (often times,
most) times, it does not. Most people and organizations are lazy, and want to
lay claim that it is someone else's fault for not getting the job done. This
is why we have job segmentation/compartmentalization today. Or haven't you
noticed? You do ONE thing in your job -- THAT'S IT. The Days of Generalized
Specialization are almost dead. Companies don't want "generalists". They want
"specialists". And why do you ask? So, when they have no further need of your
services, they simply get rid of you, your job, or your position entirely.
It's all "ala carte" nowadays. And the certifications are an almost *direct*
correlation to that mindset.
Finally, it's not *what* you know, it's *who* you know that counts these days,
what connections you have, how well-to-do you are, and if you have any
*influence* that you can exert over your 'target' (that being a manager). And
the security industry is no exception. In fact, it's far more political than
standard IT-related work, because of the 'human factor' involved. You interact
with humans more often than computers, and thus, the amount of politics
increases accordingly. It is very proportional.
Know that you're not the only person who's going through this. Many other
technicians and security folk alike, will probably agree with me that this is
more commonplace today than ever before. Those of us who are "old farts" (been
in 'da biz for more than 10 years), know that times are changing -- rapidly. I
don't what other advise I can give you, except be flexible, and always keep
looking. I've been doing the same durn thing now for over 15 years. Does it
get tiring? You bet it does, esp. when you aren't appreciated nearly as much
as the next person. But, be thankful that you even have a job in a time when
our jobs are continually being threatened by outsourcing, or worse, offshoring.
Unless you like curry chicken, you have to keep your options open...and your
mouth shut. If you don't like what you have at your place, move on; otherwise,
find ways to work with the psychodynamics of your workplace, of which there are
plenty of books out there on the subject. ;))
Hope this helped...
-r
----- Original Message -----
From: Nathaniel Hirsch [mailto:nh2@njit.edu]
To: Mohamed Abdel Kader [mailto:makster12@hotmail.com]
Cc: pen-test@securityfocus.com
Subject: Re: CISSP-ISSMP
I recently got my CISSP. The company that I work for paid for me to
go to a class, and take the test assuming I passed. If I failed then
the $500 would be on my nickle. Thankfully I did not fail. The main
reason they wanted me to get my CISSP is now they can charge more for
the work they contract me out to, this and you need it or some other
equivalent to do level 3 and 4 DITSCAP testing. As for an ROI after I
passed a got a 15% raise which was nice, but I was also up for a
raise, so I can not tell you how much that was due to the CISSP, and
how much was due to my overall performance at the company. Personally
I feel that the exam and certification process is a waste of time, and
so does everyone else at the company, but they are needed, or so they
say. However we have a guy who works here who is a CISSP and a
CEH(certified ethical hacker), and to be truthful, he is quite
possible the most worthless tester I have ever had to work with, and
everyone else in the office knows this. So having the cert doesn't
make you good, and doesn't prove to anyone that you have experience or
skill. It just proves that you can pick the correct answer out of a
four possible answer on a 250 question multiple choice exam. As for
giving an out of 10 scale for everything you mentioned I guess they
would all be 5s because it all really depends on a lot of other
things. As for what job its good for, I would have to say more
managerial then anything else. The topics covered are really only
puddle deep, not enough to know whats going on, just enough to know
that it is going on though.
Nathaniel Hirsch, CISSP
Xacta Corporation
656 Shrewsbury Ave.
Shrewsbury, NJ 07702
On 5/8/06, Mohamed Abdel Kader <makster12@hotmail.com> wrote:
Hi all,
I was wondering if anyone out there did the CISSP-ISSMP
concentration.
I want to know the value added in the areas listed below, in an out
of 10
scale for example:
Total ROI
Career Advancement
Industry Demand
Raise Potential
Suitable for what job/position (not an out of 10 answer of
course :))
I also want to know the material to study from.
Thanks a million.
MAK
------------------------------------------------------------------------
------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's
Choice Award from eWeek. As attacks through web applications
continue to
rise,
you need to proactively protect your applications from hackers.
Cenzic has
the
most comprehensive solutions to meet your application security
penetration
testing and vulnerability management needs. You have an option to go
with
a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed
service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to
confirm your
results from other product. Contact us at request@cenzic.com for
details.
------------------------------------------------------------------------
------
------------------------------------------------------------------------
------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's
Choice Award from eWeek. As attacks through web applications continue
to
rise,
you need to proactively protect your applications from hackers. Cenzic
has
the
most comprehensive solutions to meet your application security
penetration
testing and vulnerability management needs. You have an option to go
with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service
can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your
results from other product. Contact us at request@cenzic.com for
details.
------------------------------------------------------------------------
------
------------------------------------------------------------------------
------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's
Choice Award from eWeek. As attacks through web applications continue to
rise,
you need to proactively protect your applications from hackers. Cenzic
has the
most comprehensive solutions to meet your application security
penetration
testing and vulnerability management needs. You have an option to go
with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service
can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your
results from other product. Contact us at request@cenzic.com for
details.
------------------------------------------------------------------------
------
Liability limited by a scheme approved under Professional Standards
Legislation in respect of matters arising within those States and
Territories of Australia where such legislation exists.
DISCLAIMER
The information contained in this email and any attachments is
confidential. If you are not the intended recipient, you must not use or
disclose the information. If you have received this email in error,
please inform us promptly by reply email or by telephoning +61 2 9286
5555. Please delete the email and destroy any printed copy.
Any views expressed in this message are those of the individual sender.
You may not rely on this message as advice unless it has been
electronically signed by a Partner of BDO or it is subsequently
confirmed by letter or fax signed by a Partner of BDO.
BDO accepts no liability for any damage caused by this email or its
attachments due to viruses, interference, interception, corruption or
unauthorised access.
------------------------------------------------------------------------
------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's Choice Award from eWeek. As attacks through web applications
continue to rise, you need to proactively protect your applications from
hackers. Cenzic has the most comprehensive solutions to meet your
application security penetration testing and vulnerability management
needs. You have an option to go with a managed service (Cenzic
ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download
FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your results from other product. Contact us at request@cenzic.com for
details.
------------------------------------------------------------------------
------
----------------------------------------------------------------------------
--
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to
rise,
you need to proactively protect your applications from hackers. Cenzic has
the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
----------------------------------------------------------------------------
--
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
