Network Security Pen-Test

Re: Re: Re: CREST or TIGER?

Subject: Re: Re: Re: CREST or TIGER?
Date: 19 Oct 2007 23:39:24 -0000
Danny,
I do not know you personally, but you have stretched your neck out and I am in 
one of those moods.
I have many certs, Degrees and accreditations etc. I have over 20 publications 
(peer reviewed) and even a couple books. This includes being one of the VERY 
few people with a GSE (mine being the only GSE in compliance). [Forgive the 
self promotion, but I am getting to a point]. What I personally do is try to 
round out my skills. I have enough tech skills to cover most things. These have 
been tested by comprehensive long-term evaluations, publications and training. 
[Gratuitous plug for those people in Australia looking @ SANS Training there is 
a staysharp session in Sydney in Nov and AUD507 as a mentor session in Jan 2008 
that I am leading].
I round my tech skills by learning outside of IT. I have Post Grad Management 
and am completing an LLM (Masters in Law). Certs are a way to demonstrate that 
you still learn and have some level of measurement to a standard.
Looking at your CV Danny, (http://dfullerton.mantor.org/) and page I see that 
you have completed a couple GIAC certs. You also seem proud of this - as you 
should be.
"Members new certifications
Danny Fullerton has complete GCIH and GHTQ certifications (Giac Certified 
Incident Handler and Giac cutting edge Hacking Techniques respectively)."
So does this mean that you know all? Are you at the pinnacle of all there is 
and can talk on all topics? I see that you do not have a CISM. It is easy to 
decry the failings of something you do not have. To state that it shows 
nothing, but this is when you err. It demonstrates a minimum competency in a 
security management level of knowledge. Does this mean that managers need to be 
hands on? No, it means that they know a base set of terminology needed to talk 
to IT techs. This is not the same thing. The same with a PhD, a PhD is proof of 
expertise in an area. What the area happens to be is what matters and this does 
not mean security - it means a focused area. 
My first doctorate compared the mythos and origins of Greco-Roman and 
pre-Judaic belief structures. So I guess that this has no relation to security. 
On the other hand the couple masters degrees in IT do. Even then, the doctorate 
has helped my security career. It provided me with research skills and rounded 
my writing. 
So where does this all lead. Not all certs are equal. They are popping up 
daily. The main thing is to:
1.   Demonstrate that you continue to learn. Peer reviewed papers, certs and 
other learning help show this.
2.   Stay fresh. That cert you completed 5 years back - what have you done to 
maintain it? Is it a standard "get a helpdesk job" one - or a premium one? How 
long has it been around? Is it international?
I am old enough and ugly enough to be able to "bitch" to and about management - 
after all - I am management (even if I maintain my tech skills). However, 
remember that all these posts are there for HR to read (Hi HR person :) for 
MANY years to come. What we state now regards these things may come to haunt 
you in the future. It is easy to state I do not care on a list. When however, 
you also have a web page contradicting this assertion, then there are conflicts 
in the story. 
People outside the security community are the majority. This is a good thing to 
remember. We are effectively "helper parasites". We offer the services of a 
communal antibody or T-cell macrophage. We can make life easier for those 
non-security people, but we can not live without them. They however can survive 
without us (though in a more limited fashion). Something that people may wish 
to remember in security.
Regards,
Craig Wright
GSE-Compliance
