Open Source and information security mailing list archives
From: dufresne at winternet.com (Ron DuFresne)
Subject: MCSE training question

[SNIP]
>
> If I'm being operated on, I want an MD operating on me, I don't want
> someone that "can perform the operation" without passing the exams to get
> the MD.....
>

Actually, you might prefer someone that not only has the MD appended, but actual operating experience, rather than someone familiar with the concepts of surgery. Letters appended to a sig merely mean there is a general understanding of broad concepts, along with the ability to pass an exam. It speaks nothing to the ability to put those concepts to work in a given realm or area of actual work.

I'm still amazed at the number of CISSPs that have the cert, yet can't tell the difference between a connectionless protocol and one that is connection oriented. I'm constantly being tapped by those CISSPs that are charged with doing network scans, and insist that if they can't openly scan the systems I maintain then there are 'hidden' vulnerabilities they need to find; they don't understand the fact that they might not be able to openly scan due to restrictions on the system itself, which are part of the security layering as a whole, that mitigate potential risks. So, we open tcpd, portsentry and the other tools that are in place, and still find these folks convinced that since their fav scanner is not noting anything of significance, that there must be something I'm hiding from their 'observations'. Course, open up a service port, never mind what listener might be behind it, and wait to see how they interpret and investigate 'what they think they might have found' and watch the canned reports pushed to management about the open holes waiting exploitation.

The actual value of a certification in these cert happy times of economic recovery tends to mean less and less as we push folks through the process as fast as we can 'bootcamp' them into testing mode.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.