Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: CREST or TIGER?

from [cwright] Network Security [Permanent Link]
Subject: Re: Re: CREST or TIGER?
Date: 19 Oct 2007 22:02:10 -0000 
Hello all,
It is easy to bitch about what this, but even easier to forget that different 
certs are aimed at different things.

CISM is a management certification - this is not a hands on tech one. CISSP is 
a indicator of baseline knowledge.

GIAC are focused on a particular area. In these - it all depends on what your 
focus is and ALSO the level. Silver is good, but it is not as yet proctored for 
all (changing) and silver is just multi-guess. When you get a gold paper then 
maybe we can talk. Would I trust a person with a GCUX alone to run a Windows 
system - NO. Do I feel that they could run (at least at a basic level) a Unix 
system - Yes. This goes for all these certs.

As for Passion - I have found MANY passionate people who have ballsed up a job. 
Who have rushed into an incident and destroyed evidence.
As for Tiger or Crest - they are relatively unknown as yet and thus offer 
little value as yet. Time may tell, but ...

As for my personal opinion, I have seen MANY people bitching about HR, 
management, business, certified people etc. What I have found in my 23 years in 
Info Sec is that those who "bitch" the loudest about this are the least likely 
to fit in a team. And THIS is an issue. Cowboy security jockeys are in 
abundance. What is needed is more professionals. A cert will not do this. What 
is needed is experience OUTSIDE IT security as well as the tech skills.

Regards,
Craig Wright
GSE-Compliance


____In reply to_____

Hi,

from my point of view, among security professional, xyz certification 
won't mean anything and so does university degree. I've been working 
with CISSP, computer science PhD, CEH, CISM, GIAC and others guys and 
found that my opinion about there competency in computer security cannot 
be based on those. The only common denominator I found among the best 
was passion.

If you think you need some sort of certification to be taken more 
seriously, you should consider questioning the way you work/collaborate 
or introduce yourself.

I cannot speak for everyone but personally, for the time I've been 
working in computer security, the little letters following names have 
lots all credibility. The only time it looks quite important and finally 
worth something is with people outside the security community (e.g. 
executive, human resource).

This is only my opinion, no offense.

---
Danny Fullerton, xyz
Founder
Mantor Organization

EH wrote:

All, I would value your opinion. I am trying to make a comparison
between the 'new kids on the block' in terms of pen tester
accreditation here in the UK, CREST and TIGERScheme, for my
organisation. So far I've come up with the following information.

CREST TIGER
An existing examination No Yes
Independent of suppliers No Yes
End user driven No Yes
Not for profit Yes? Yes
Applicable to Individuals Yes? Yes
Company standards Yes Yes (CCTM)
Career path Yes? Yes
University standard No Yes
It seems that the TIGER Scheme www.tigerscheme.org is fully up and
running and accrediting individuals already plus it is a University
based examination which CREST www.crest-approved.org is not.

I see from the CREST website that they are in support of the often
maligned multiple guess CEH examination and will 'grandfather'
individuals into the 'CREST approved' scheme if they have CEH. Now I
am a CEH [amongst other things I hasten to add] and I sat the exam in
early 2003. It was taken reasonably seriously then but it seems that
the pen test communities opinion of the cert has deprecated somewhat
over time ... so is CREST a re-branded EC-COUNCIL? If so will they go
the same way?

To grandfather into TIGER at the lowest level of certification you
need an approved MSc in Computer Security. Basically any certs I
recommend for my organisation I want to be taken seriously now and in
future. I am heavily leaning towards TIGER.

Your thoughts?

Thanks in advance.


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: CREST or TIGER?, Shenk, Jerry A
Next by Date:  Re: Re: Re: CREST or TIGER?, cwright
Previous by Thread:  Re: CREST or TIGER?, Rory McCune
Next by Thread:  Re: Re: Re: CREST or TIGER?, cwright
Indexes:  [Date] [Thread] [Top] [All Lists]