
RE: Value of certifications

Subject: RE: Value of certifications
Date: Thu, 26 Apr 2007 09:38:50 +1000
Hello James,
I have to agree at some level, but I can not completely agree with your
assertions on your blog. You state:

"They do not offer research, or any sort of consulting service, or
anything more than certifications at a bloated price. Their business
model is supply and demand. Their prime concern is money, not quality
assurance or education. They charge high prices because everyone else
will pay them. It is the difference between $57 and thousands of dollars
for a single certification."

In some cases as you mention - this is true. However, CISA and CISM for
instance from ISACA do not follow this model. ISACA does research and
has issued one of the most highly used audit models - CoBIT.

The capitalist market system is supply and demand. It may be impersonal
and have its faults, but it works better than the existing alternatives.

Greed is too simple. There is a market and people willing to pay. Thus
there are people willing to take money to offer this service.

ISC2 as another example does offer quality assurance, but the level of
what they offer is the issue. Many put more faith in it than is valid.

As for the car issue, there are more people doing this. This is supply
and demand at work. The IT security field has a greater demand than the
mechanic. Try a comparison with a specialist plumber. This is closer to
the model in economic terms.

Regards,
Craig



Craig Wright
Manager of Information Systems

Direct +61 2 9286 5497
Craig.Wright@bdo.com.au
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO Box 2551 Sydney NSW 2001
Fax +61 2 9993 9497
www.bdo.com.au


-----Original Message-----

From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Simmons, James
Sent: Thursday, 26 April 2007 8:12 AM
To: security-basics@securityfocus.com
Subject: RE: Value of certifications

 I will have to disagree about the validity of certs. It is true that
certs will get you the interview. But I find them only to be good if you
want a basic level system admin job. Everyone is putting too much
emphasis about certifications these days. Granted it is a way to
determine that at some point an individual was able to remember (or at
least guess) the right answers for a group of questions at some point in
time, but that doesn't necessarily prove that someone is competent. 

http://san2600.org/index.php?name=Blogs&mode=display&id=10

I will have to refer you to my long rant about the subject, but
ultimately my recommendation, work on a few projects in your spare time.
Write some white papers, do some research and present your results on a
webpage.  Actually do something that would impress employers. You can
either try to prove that you know something, or you can do something
that proves you know it.
And if you are worried that you might get passed over from HR because
you do not have a cert.  Do you really want to work at a place that uses
an algorithm that pre-screens for minimal requirements? Sounds like a
place that is just looking for bodies to me. 

Simmons
