lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: robertrepp at (Robert Repp)
Subject: Training & Certifications


What we're doing is porting customers from consultancy by one person to a 
new, larger business owned by that person as a growth move. We're 
"inheriting" three small (~150 seat) corporations and a handful of small 
(~5-25 seat) office businesses. Almost every customer has had some issue 
with either trojans, hacking attempts, or DoS. As we go through the sales 
process, we're being asked often about all of these.

As a salesman, I'd like to be able to point out a credible authority whose 
training informs our work. As a technician, I'm interested in making sure 
our team can get actually useful training. I agree that the right people and 
skillset is much more important than simply having the right certs on the 
lobby wall. Side question: Is there a reliable test you favor when 
interviewing new techs about network administration?

This list seemed like the place to ask about widely respected security 
authorities, since anything obviously fake or useless tends to be quickly 
engulfed in flames.


>From: Harlan Carvey <>
>To: Exibar <>, Robert Repp <>
>Subject: Re: [Full-Disclosure] Training & Certifications
>Date: Fri, 2 Apr 2004 13:31:29 -0800 (PST)
> > Without the experience behind the cert, any and all
> > certs aren't even worth the paper they're printed
>This is true, and I couldn't agree more.  However, the
>thing about certs is that they have to be measureable
>and repeatable...which, when one becomes popular, very
>quickly leads to bootcamps, etc.  There a lot of folks
>w/ the necessary experience...but even that doesn't
>make a "qualified" security professional.
> > With that said, the most notable Security
> > cert would have to be CISSP.
>The CISSP may be useful for Robert's upper-level
>folks, but it's really more of a management level
>cert.  For what Robert seems to want to do, I wouldn't
>think that any certs would be necessary...after all,
>are small businesses really going to want to pay the
>higher price for folks w/ high-level certs?
>Robert, saying you want to set up a security
>consultancy for small businesses, what kind of
>services do you plan to offer?  Maybe that would help
>your decision regarding certifications.  It might be
>advisable to look for folks w/ MCSEs, Red Hat
>cert...whatever os's you're going to support.
>Hope that helps a bit...

Persistent heartburn? Check out Digestive Health & Wellness for information 
and advice.

Powered by blists - more mailing lists