lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: srenna at vdbmusic.com (Scott Renna)
Subject: Certifications

Most recruiters don't even know what GIAC is.  The ones that do are the 
ones I talk to.


Clement Dupuis wrote:
> One of the big problems is the marketing behind some of the certification
> and the way people interpret what they are.
> 
> A certification like the CISSP is NOT an in depth certification.  Let's face
> it, you need to have  3 years experience plus a degree in one or more of the
> 10 domains of expertise and this does not have to be continuous experience.
> If you do not have a degree, you then need 4 years.
> 
> This means that someone who has been doing strictly doing physical security
> for 4 years is allowed and entitled to sit for the exam.  If he studies
> adequately and prepare himself, there are good chances that he can axe the
> exam with 6 months of thorough studies.  Does this makes him a security
> expert: NO Does this improve his general knowledge of security and make him
> more aware that there is more than physical security to contribute to the
> overall security of his company: YES.
> 
> A few letters behind your name will not get you those HIGH paying jobs that
> unscrupulous people often promise.  Experience and a proven track record in
> the field will.
> 
> I think there should be a certification about understanding certifications
> given to head hunters and recruiters out there.  They would understand that
> you do not have to ask for a CISSP to manage your firewall.  They would
> understand that an MCSE is not required to do Linux Security.  Something it
> is hilarious to see their job posting and what they are asking for.
> 
> Clement
> 
> 
> 
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Scott Renna
> Sent: Monday, November 22, 2004 12:37 PM
> To: pingywon MCSE
> Cc: 'Paul'; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Certifications
> 
> I try to be considerate and leave our industry open to all, but 
> bootcampers I have met....sheeesh, you may as well just had over the 
> keys to the castle.  In many cases, they think they know what they are 
> doing and weaken the security overall of the network.  i deal with this 
> daily with my "higher-ups"
> 
> Honestly, it kind of makes me sad that I have a CISSP as I've recently 
> met several supposed Security Experts that have those 5 letters attached 
> to their name and know NOTHING.
> 
> That's why I recommend GIACs.  GIACs actually demonstrate you know what 
> you are talking about
> 
> pingywon MCSE wrote:
> 
>>Well this is one area I have dealt with too many times. For anyone who has
>>spent anytime on the MS cert new groups you all know what im talking
> 
> about. 
> 
>>People who are already employed in IT with out any certs are the firsts
> 
> ones
> 
>>to say how worthless they are and how everyone who has them "just
> 
> memorized"
> 
>>a bunch of questions. 
>>
>>People who have some certs - and might only be in the position they are in
>>today due largely to some certs would tend to disagree. 
>>
>>I have also worked for one of these "boot camp" schools (for a total of
>>about 3 months-shame on me)
>>
>>The inherent problem is that while the "boot camps" do serve their purpose
>>to people who need brushing up to gain some certs - people that already
> 
> have
> 
>>a solid base to build upon - those aren't the people that go to boot camps
> 
> .
> 
>>It doesn't matter if it is a 2 week boot camp or a 6 month one.
>>The people that go to these boot camps are roofers and construction
> 
> workers
> 
>>who want a way out of their current employment situation. While that is
> 
> all
> 
>>well and good these people do not make the best candidates for IT work
> 
> (with
> 
>>no background knowledge) and the boot camps don't care (no matter if its
> 
> MS
> 
>>er cisco boot camps) They just want their $$ ......like cattle I suppose.
>>
>>
>>Has this brought down the "bar" on what a cert means? ...it sure has
>>Does it mean everyone with certs doesn't know anything? Not at all
>>
>>Most employers take certs for granted..And now they are EXPECTED - before
>>the cert use to be a distinguishing mark, now it is given
>>
>>~pingywon MCSE
>> 
>>http://www.pingywon.com
>>-----Original Message-----
>>From: full-disclosure-admin@...ts.netsys.com
>>[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Paul
>>Sent: Monday, November 22, 2004 02:57
>>To: full-disclosure@...ts.netsys.com
>>Subject: [Full-Disclosure] Certifications
>>
>>While I gotta agree that experience is what
>>counts, what (if any) specialist certs should a
>>tertiary student, with a special interest in
>>security, use to underpin their prac?
>>
>>P.S. If I'm too ignorant to warrant a civil
>>answer, like being told to go to the movies, my
>>apologies in advance so no flame needed.
>>
>>=====
>>
>>one step at a time...
>>
>>
>>
>>Find local movie times and trailers on Yahoo! Movies.
>>http://au.movies.yahoo.com
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>>---
>>Incoming mail is certified Virus Free.
>>Checked by AVG anti-virus system (http://www.grisoft.com).
>>Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004
>> 
>>
>>---
>>Outgoing mail is certified Virus Free.
>>Checked by AVG anti-virus system (http://www.grisoft.com).
>>Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004
>> 
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ