Network Security Pen-Test

Re: CISSP

Subject: Re: CISSP
Date: Fri, 8 Dec 2006 00:05:07 -0500
All
As a graduate of both the OPSA and OPST I wholeheartedly agree with Pete
that hands on knowledge based training and certification is the most
accurate measure of what you know.  It challenges you to excel and keep up
with what is happening in our ether world.  I am also a CISSP and the
reason is that it is becoming a requirement that for companies to gain
contracts they must have certified staff.  Unfortunately, the OPST and
OPSA are not on the list, but SANS GIAC is - go figure.  And yes - OPSA and
OPST are difficult tests - that's the point.  
As I tell my peers and seniors - the vulnerabilities and cyber challengers
out there have no conscience, they know no politics, recognize no
international boundaries, or personalities.  Know your enemy, know yourself
and never relax.  


[Original Message]
From: Pete Herzog <lists@isecom.org>
To: Bates, Chris <Chris.Bates@nwdc.net>
Cc: <pen-test@securityfocus.com>
Date: 12/7/2006 9:54:10 PM
Subject: Re: CISSP

But I also think certification by itself means next to nothing for the
most part. I have seen way too many Consultants with certifications and
degrees not know their head from a hole in the ground.

There are certifications and there are certifications.  Knowledge
certifications where one memorizes security trivia and regurgitates it on
an exam have much less applicability in the real world than a formal
education where case studies and experience may be introduced or an
applied knowledge certification.

But a certification should mean something.  It should prove that a person
can apply a particular type of knowledge, a specialty, with a measurable
degree of accuracy and efficiency.  If a group has convinced you that they
can certify, accredit, or graduate you in a trade or specialty in a manner
which requires no proof of skill then you should question your own
critical thinking skills. Because it just doesn't work that way.  Even with
experience, that means nothing if what you learned is wrong from the
start.  The US Department of Education has a word for organizations who sell
diplomas for experience alone and often no additional coursework: Diploma
Mills (http://en.wikipedia.org/wiki/Diploma_mills).

I'm saying this because at ISECOM we have been an authority for applied
knowledge security certifications for nearly 5 years because the security
community we work with asked for it. They asked for a security cert that
didn't suck.  They wanted one where people actually had to apply their
knowledge of testing and analysis with accuracy and efficiency in order to
pass an exam against a live network. So we built it and you know what, we
still sometimes get complaints that it's too hard and too complicated.
When we first rolled this out in the US, the training organization we
worked with didn't see a future for it because they said they needed an
easier exam, a knowledge-based one, so people can pass and take a
certification back to the office which will bring in more people.  Then
they can also promote a high pass rate in their marketing for that
training. So we stopped working with those training companies in the U.S.
that wanted an easy pass to sell easily to the masses.  But that's just
mainly a problem in the US and most other regions have been just fine for
us.  In those other places the ISECOM certifications really mean something
and get people employed and advanced and vetted for having them.

So please don't lump all security certifications together.  Some of us are
working hard to help and such comments don't.

Sincerely,
-pete.

PS: Sure I work for ISECOM so I am biased about the quality of our
certifications but facts are facts and our certifications really are
applied knowledge, hands-on examinations.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------




