Penetration Testing mailing list archives
credentials & experience (was: Re: OPST vs CEH
From: "Meritt James" <meritt_james () bah com>
Date: Fri, 13 Feb 2004 09:08:44 -0500
You realize, I hope, that to maintain many of the certifications it is necessary to get, as well as document, precisely that training and experience which you mention, as well as more.

wjnorth wrote:
> Good points all. Here's my two cents, which will probably get me flamed, but, whatever I've got spam.
>
> Certs in general, in my opinion, do not offer anything other than the recognition that someone spent enough time to study material and answer questions, and perhaps participate in a lab environment. I've run into so many countless people that have certifications ranging from GSEC, CISSP, GCIA and a ton of others, that didn't know the difference between a syn scan and a full tcp connect, or couldn't explain some of the current public exploits and what they do to systems, or valued ISS over nessus, and nessus over manual methods...the list goes on and on. That is not to say that the certs are useless, far from it, especially if one backs it up with practical experience.
>
> Having said that, let me also say that while I hold these sentiments against certifications I also believe they are worth something in that it provides people the ability to get into security or whatever field their cert is for. They aren't useless, in my mind, but for sure nothing beats experience. Additionally I believe some of the SANS certs hold a bit more water than others simply due to industry acceptance; a while back someone might have said the same for CISSP.
>
> Regarding the OSSTMM, I only recently (within the last year) found out about them, and have been doing security for quite a while, but apparently not long enough to run across this very interesting methodology.
>
> -Wes
>
> P.S. you'll notice no letters after my name, but I could list my four year degree to offer some credibility. ;-)
You notice that I do. I could list my BS & MS, too, but they really wouldn't help in the arena of offering competent computer security assistance to the State Department as well as other places. They are the "foot in the door" that require additional knowledge to perform once entry is gained.

--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566