Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Value of certifications

from [Simmons, James] Network Security [Permanent Link]
Subject: RE: Value of certifications
Date: Thu, 26 Apr 2007 15:36:09 -0500 
 
Yes, I agree about determining the pecking order, but what is a better
way of proving that you know something? Actually going out there and
demonstrating that you know it. Or taking some cheaply made test, that
no one knows how it was formed, as your validation?
I am not saying that certifications do not serve a purpose, but I have
found very few that are actually good enough to live up to that purpose.
My example differs between vendor certs (CCNA, MCSE, etc.) and general
knowledge certs (CISSP, security+, etc.)  The vendor certs are by far
superior (though expensive for no reason) because who would know the
subject matter better then vendor.  The general knowledge certs are a
joke. What designates these people as experts? Both in the field that
the cert is focusing on, and in creating a meaningful cert?
In my rant off my link I make reference to the ASE certs for Automotive
technicians. ASE was formed by the major automakers of the day to
maintain a acceptable skill level. They employed psychologists,
professors, and other education experts to research and ensure that
their testing methods give an accurate portrayal of the skill level of
the individual. Do you honestly think that any of these companies have
put that much time and effort into their tests? These are start-up
companies that believe they can make some money off of trying to
sudo-train individuals to do a complicated job. And companies are
trusting these "certified" professionals to protect them and conduct
business critical work on their systems.
And I am not saying that this is the case for everyone. Some very
intelligent, and capable individuals are getting the certs because that
is what will attract customers. They are not getting the certs to learn
anything new. They are getting them to prove that they know. And at that
point I question why these certs have to cost so much?
While every other question I see in this forum about certs is "I want to
learn about security, what is the cert I should go after?".
It is just a messed up system that really needs an overhaul.

Regards,

Simmons

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of TJ Stamm
Sent: Thursday, April 26, 2007 6:33 AM
To: Simmons, James
Cc: security-basics@securityfocus.com
Subject: Re: Value of certifications

/"But I find them only to be good if you want a basic level system admin
job"

/Lets take someone who has many certs against someone with NO certs.
They both have been working in the field for 8 years. They both have
about the same personality, and are requesting the same compensation for
the position. Who do you hire? The guy who has just been working for 8
years. Or the guy who has been working for the same amount of time, but
also took steps to further himself and his knowledge. People always
assume that if someone has certifications they have no experience or
vice versa. Think about the people who have the experience and have also
keep working to further there knowledge.

--
TJ Stamm | Essex Internet Services
MCP, MCDST, MCTS, Server+, Security+
(815) 380-3773
tjs@essex1.com



Simmons, James wrote:

 I will have to disagree about the validity of certs. It is true that
certs will get you the interview. But I find them only to be good if

you

want a basic level system admin job. Everyone is putting too much
emphasis about certifications these days. Granted it is a way to
determine that at some point an individual was able to remember (or at
least guess) the right answers for a group of questions at some point

in

time, but that doesn't necessarily prove that someone is competent. 

http://san2600.org/index.php?name=Blogs&mode=display&id=10

I will have to refer you to my long rant about the subject, but
ultimately my recommendation, work on a few projects in your spare

time.

Write some white papers, do some research and present your results a
webpage.  Actually do something that would impress employers. You can
either try to prove that you know something, or you can do something
that proves you know it.
And if you are worried that you might get passed over from HR because
you do not have a cert.  Do you really want to work at a place that

uses

an algorithm that pre-screens for minimal requirements? Sounds like a
place that is just looking for bodies to me. 

Simmons
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RE: Value of certifications, andrews
Next by Date:  Re: RE: Value of certifications, Nathalie Vaiser, RFC, FMM
Previous by Thread:  Re: Value of certifications, TJ Stamm
Next by Thread:  Re: Value of certifications, Yousef Syed
Indexes:  [Date] [Thread] [Top] [All Lists]