funsec mailing list archives
Re: Presidential Internet Kill Switch
From: Jon Kibler <Jon.Kibler () aset com>
Date: Wed, 23 Sep 2009 06:16:57 -0400
Dan Kaminsky wrote:
> On Wed, Sep 23, 2009 at 6:28 AM, Paul Ferguson <fergdawgster () gmail com> wrote:
>> On Tue, Sep 22, 2009 at 8:56 PM, Dan Kaminsky <dan () doxpara com> wrote:
>>> I'm rather less concerned about 'presidential kill switch' and much more concerned about 'security consulting illegal in undefined contexts unless undefined certifications are maintained'. What if it was illegal to hire anyone who could actually find a problem?
>>
>> Then the criminals (and terrorists and whomever) win.
>
> Yes. Those of us who have a problem with the criminals and terrorists and whomever winning should probably stop worrying about some in extremis provision that'll never be triggered and worry more about the part where some certification authority can fire you.
<rant>

I don't have a problem with certification, per se. The problem I have is with the specific certification most likely to be required: CISSP. The majority of the CISSPs that I have had to interview for various IT Security jobs are totally clueless -- especially if that is the only certification that they have.

Let's face it, CISSP should not be considered a security certification. Rather, it should be considered a management certification -- something that says "I at least understand all the security buzzwords, but I probably can't do anything real in security."

IMHO, *any* certification that does not require a *hands-on* skills examination (e.g., CCIE, RHCE, OSCP) is worthless, proving only that you are capable of memorizing information. We have too many people in our industry today who have a piece of paper that declares that they are an expert, but are totally incapable of doing any real security work. (Just look at the number of companies selling a Nessus or nmap scan as a "penetration test" -- "we are highly qualified, we are CISSPs.")

</rant>

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253