Re: Network Security Certification

[Alec Muffett - SunLabs <Alec.Muffett () UK Sun COM>]

> I've just taken the course.
> The exam is Saturday.
> No its not mainframe oriented.
> I've been doing this for nearly 20 years and I find the material
> a challenge.   Despite what people like Paul Robertson say, this is a
> true test.

I won't argue with the fact that taking some kind of exam in the field
at least shows some sort of dedication to the topic of security, and
therefore could help employers sort some of the wheat from the chaff
of job applications.

On the other - and to my mind, more important - hand, one thing that
such a qualification will never provide is a demonstation that the
possessor of said qualification has got a "CLUE"(TM) [1] - viz: a deep
comprehension of the issues of network security, rather than the mere
ability to parrot-rote the "N" different software security
certification systems that are in use worldwide.

This, combined with that other hard-to-test trait of actual *ability*,
is what goes to make up a good network security person[2].

Without "CLUES"(TM), all the knowledge in the world will not protect
your network; it is a regrettable almost-certaintly, however, that
your insurance premiums will eventually be bound to how many certificates
your staff have passed, rather than how many "CLUES"(TM) they possess.

Best of luck with your exam.

        - alec


[1] "CLUE" and "CLUES" are trademark (TM) Marcus Ranum, 1987,

[2] Speaking as someone whose only security (or indeed computing)
qualification whatsoever is a "Introductory Fortran for Numerical Analysis"
course segment taken in 1986 as part of an Astronomy degree.[3]

[3] Presumably this means I know nothing about security and therefore
am unemployable in the field.

-- 
    alec muffett, sun microsystems laboratories, alec.muffett @ uk.sun.com
                     class c addresses please little minds