lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat Nov 26 06:20:23 2005
From: rs2321 at gmail.com (R S)
Subject: Re: Hacking Boot camps!: certifications

On 11/26/05, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote:
> On Sat, 26 Nov 2005 09:52:13 +0530, R S said:
>
> > Hint: Compare how much of technical advancement has happened in the
> > security field because of published GIAC papers compared to real
> > technical papers coming out of academia.
>
> On the other hand, most companies are hiring people who understand how to
> use *current* knowledge to secure things and help the bottom line, not do
> research.
>
> When I take my car in to be serviced, the fact the mechanic has his sheet
> on
> the wall saying he's completed the vendor training on the engine, exhaust,
> air conditioning, and brakes for my make of car tells me something.  I
> don't
> need Enzo Ferrari fixing my fuel injection.
>
>

Yes. You are very right. But you are comparing getting a training from
Cisco on Cisco router to getting a very general certification from
Sans saying you are a security expert.

If you are a qualified mechanic who work on different makes and models
and you are hiring a car mechanic to work for you would you hire
someone who can show they can do any job you throw at them or someone
who just touts that they have a specific certificate from a specific
vendor? As a  non-technical car driver I may be impressed by seeing
the certificate from the vendor on the wall.

Again this may not be a good comparison because if you take
automobiles there are enough nuances that are very specific to a make
and model that you need training from the vendor to even know what's
wrong. It should be the same way for security. If there is a cisco
firewall protecting your network it may be nice to know that a person
trained by cisco is setting it up rather than a "security expert" with
a generic sans certification - though that should not be the only
criteria because yor network is just not that cisco router.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ