Penetration Testing mailing list archives

credentials & experience (was: Re: OPST vs CEH


From: "Meritt James" <meritt_james () bah com>
Date: Fri, 13 Feb 2004 09:08:44 -0500

You realize, I hope, that to maintain many of the certifications it is
necessary to get, as well as document, precisely that training and
experience which you mention, as well as more.


wjnorth wrote:

Good points all.

Here's my two cents, which will probably get me flamed, but, whatever I've
got spam.

Certs in general, in my opinion, do not offer anything other than the
recognition that someone spent enough time to study material and answer
questions, and perhaps participate in a lab environment. I've run into so
many countless people that have certifications ranging from GSEC, CISSP,
GCIA and a ton of others, that didn't know the difference between a syn
scan and a full tcp connect, or couldn't explain some of the current public
exploits and what they do to systems, or valued ISS over nessus, and nessus
over manual methods...the list goes on and on.

That is not to say that the certs are useless, far from it, especially if
one backs it up with practical experience. Having said that, let me also
say that while I hold these sentiments against certifications I also
believe they are worth something in that it provides people the ability to
get into security or whatever field their cert is for. They aren't useless,
in my mind, but for sure nothing beats experience.

Additionally I believe some of the SANS certs hold a bit more water than
others simply due to industry acceptance, a while back someone might have
said the same for CISSP. Regarding the OSSTMM, I only recently (within the
last year) found out about them, and have been doing security for quite a
while, but apparently not long enough to run across this very interesting
methodology.

-Wes

P.S. you'll notice no letters after my name, but I could list my four year
degree to offer some credibility. ;-)

You notice that I do.  I could list my BS & MS, too, but they really
wouldn't help in the arena of offering competent computer security
assistance to the State Department as well as other places.  They are
the "foot in the door" that require additional knowledge to perform once
entry is gained.

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
