lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200411220644296.SM02956@wolfcub>
From: purdy at tecman.com (Curt Purdy)
Subject: [ok] Certifications

Paul wrote:
> While I gotta agree that experience is what counts, what (if 
> any) specialist certs should a tertiary student, with a 
> special interest in security, use to underpin their prac?
> 
> P.S. If I'm too ignorant to warrant a civil answer, like 
> being told to go to the movies, my apologies in advance so no 
> flame needed.

Not everyone on this list are crude brainless kiddies Paul (though too many
are ;) Having said that, let me address your main point.  With a number of
letters behind my name (will have to drop the CCDA to accommodate my
upcoming GSNA), I feel qualified to answer your question.

For some reason the CISSP is considered one of the most prestigious certs.
I describe it as a river a mile wide and 6 inches deep.  However, I found it
relatively easy to obtain with no schooling required, as were all my other
certs, except for the GSEC that required an 8x12-hour day intensive SANS
class (in my case complemented with a co-ordinated national meeting of
military IS people and keynote by Richard Clarke, who I respect very much).
I tell people that you come out of that either scared to death or with a
brain, two hat-sizes bigger.

Most GIAC certs are very technical in nature. I describe them as being a
quarter-mile wide and 20 feet deep. Although I passed the GSEC on first try,
the test was much more difficult than the CISSP. That is why I decided to
pursue my GSNA as opposed to a CISA.  And in that one 6-day class, I
shoe-horned enough stuff in my brain to keep me busy for months.  Well worth
the money.

My .02

Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ