Penetration Testing mailing list archives
RE: Learning vs. Play Time
From: "Clement Dupuis" <cdupuis () cccure org>
Date: Sat, 7 Feb 2004 19:13:12 -0500
Good day Robert,
For me, the value of a class is not in the test or even the certification at the end. The lasting value is in the knowledge and skill set that you refine and take with you back to your job. I also have made lasting relationships from the classmates, students, and instructors that I've met over the years. All of these mean a lot more to me than the "e-i-e-i-o" at the end of my name.
Fully agreed. As you have noticed this is why we are not making use of the Official CEH curriculum but our own. The CEH did not address any business issues, did not address methodology in version 2, and a lot more foundation skills and knowledge that a tester is required to have was not in their courseware. The CEH official courseware Version 3 is 100% better but still has some refinement to make it in line with reality.
felt was missing in the security class space. Many non-vendor specific security classes have a very narrow tools based focus. While I agree that knowing how to use your tools in a test is important, I feel knowing why and when to use them is far more important.
You sound like me doing my intro on day one. I totally agree, you are NOT going to show people how to become an Uber Security Tester in a week. If you succeed in showing to them what being a tester is all about, what steps should be followed, what are the obstacles, and give them the foundation skill and pointers they need, then you have succeeded in your mission of putting them on the right track to success. I had students who are applying their skill out in the real world, many of them have written back to express their joy that we only covered a dozen tools and showed them what to look for and where to look for and how to look for it. One student did 12 tests so far and on all of the tests he found vulnerabilities whether it was a server, an application, physical security environment issues, or other issues that might not even be network related.
The CEH class represents the other kind of class. One that is "flashy", "fun", "exciting", but not overly useful to the serious professional. While I have a lot of respect for Clément (one of the instructors for Intense School), I have very little respect for any organization that markets "hacker" classes.
No offense taken Robert. I think that what you realize is the reality of the market right now. Marketing, as the OSSTMM is seeing right now, is essential in getting the word out. Even if you have the best methodology in the world but nobody knows about it, it does not help the masses. I am not one to get all wrapped up around semantics. I have seen endless threads on what terms it should be called and the use of the word Hacker in any way, shape, or form. If you wish to throw Hacker, Hacking, Cracker or whatever in the name of the course I do not care. What I do care about is what is behind the offering, who is delivering it, and the quality of the content. Based on those three criteria I do believe that all of the students I have taught had their money's worth.
While choosing where to spend your time and money, consider the community you are aligning with. If you look at ISACA, SANS, ISC2, ISECOM, etc. they all have a true dedication to security and the betterment of the global information security community. Contrast the value of being affiliated (via education/certification) with any of those organizations over a piece of paper and a cd of toys.
All of the organizations that you have mentioned above are this big not only because of their community involvement but in large portion because of the quality of their offering and their whole philosophy and approach to security. Look at the people at SANS, they are all professionals in the field that live and breathe by Information Security. This is what allowed them to become THE leaders on the market and have the financial means to make a significant difference in the information security world by using the money generated through their education wing to generously contribute back to the community on a scale like nobody else does (I would probably exclude ISC2 from this statement). Pete could tell you this as well: once you become as big as the OSSTMM has become, this is no longer a project you do at night, it is a full time job if you wish to take things to the next level. The only thing that is keeping ISECOM alive without killing Pete is kind contributors like you and many others. However, reality is that the OSSTMM will have to get some financial means, revenues, or an Angel as a way to support itself if it wishes to become a player in the same league as the ISACA, SANS, and ISC2. I do believe this can be accomplished while being true to the fundamentals that Pete has set for ISECOM.
Best regards
Clement