Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Mile2 Training (Certifications)

from [Andrew Blyth] Network Security [Permanent Link]
Subject: Re: Mile2 Training (Certifications)
Date: Tue, 17 Jul 2007 09:08:07 +0100 
Greetings,

There is an initiative in the UK that has lead to the creation of the Tiger
Scheme.

The TIGER Scheme provides a means of independently certifying the skills of
vulnerability test ('penetration test') engineers.

The Scheme is managed independently by a Management Committee comprised of
industry stakeholders with a vested interest in maintaining standards and in
meeting market requirements.

The three main strengths of the TIGER Scheme are: independence; a
University-based examination; and strong end-customer involvement on the
Management Committee.

http://www.tigerscheme.org.uk/


Andrew


On 16/7/07 19:46, "Pete Herzog" <lists@isecom.org> wrote:


Hi Ken,

Unfortunately, skills-based certification is the closest thing that exists
to what is really required, decent apprenticeships.  While "virtual"
apprenticeships happen through hacker groups and to some regards in certain
on-line training venues, that doesn't come close to giving the well-rounded
skills a professional security tester needs in the modern workplace.

I was lucky enough to have a great mentor during my time at IBM and what
Peter Klee didn't teach me about just knowing how to be a "smart security
consultant" as he called it could fit in a thimble.  For a year that guy
dragged me to analyst meetings and customer meetings and presentations and
internal department meetings where I just sat there with my mouth shut and
learned how security professionals handle themselves.  That doesn't happen
these days.  Kids leave college with a few infosec courses under their belt
and they become security professionals already assessing other people's
business.  There's no substitute for proper apprenticeship.  But since that
won't happen much anymore we need to find other ways to prove ourselves.
We do that by showing it to an independent 3rd party to rate our ability to
apply knowledge and skills to realistic problems in a timely manner. And
that's what ISECOM is doing. It's the closest thing you can get to proving
experience and ability like in an apprenticeship.

This whole thing about work experience voucher and all that is a sham that
more and more people get around.  That doesn't mean anything!  We all work
with people who share the same job title but not the same work ethic or
skills.  Yet after 2 years they are the same level as you according to
these business experience certification requirements.  It's so hokey that I
even have to use the word "hokey" and that alone is upsetting! ;)

Sincerely,
-pete.



Ken Kousky wrote:

When exploring certification programs it's also important to note that
ANSI/OSI have a standard for the certification of professional licensing and
certification programs. The ANSI/OSI framework does not allow for this kind
of approach, where you have to buy a specific training product or program.

A professional licensing process should be an independent test of
competencies and not a measure of the training program an individual
purchases. 

The DoD 8570 directive endorses ANSI/OSI certified certification programs -
I think for this reason. It's not buying training but establishing
competencies that matters.

It's what you know, not what you buy. I think mostgood professional
certifications are moving in this direction.

We still have a long way to go before the processional standards for
competency are clearly codified. Right now, the targeted skills continue to
evolve with the exploits but we're starting to better understand the need
for foundation skills and then specific applications of these skills.

KWK 




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Skype use obligation - Security x Productivity, Javier O. Augusto
Next by Date:  Re: Skype use obligation - Security x Productivity, Javier Reyna Padilla
Previous by Thread:  Re: Mile2 Training (Certifications), Pete Herzog
Next by Thread:  Re: Mile2 Training (Certifications), Jamie Riden
Indexes:  [Date] [Thread] [Top] [All Lists]