Penetration Testing mailing list archives
Re: Security Testing Certifications (was Mile2 Training (Certifications))
From: Pete Herzog <lists () isecom org>
Date: Thu, 12 Jul 2007 10:53:41 +0200
Hi,
ps. Don't forget about the OSSTMM courses which are available now !!!
The ISECOM professional security tester and analyst courses (www.isecom.org) have been running over 6 years now and are now defined by the OSSTMM 3 methodology. So it isn't about ethical hacking or penetration testing but of the superset of security testing which includes elements of both as well as tests for compliance and the RAV metrics (you can see a video me talking about this at FOSDEM- see http://video.fosdem.org/2007/FOSDEM2007-SecurityTesting.ogg - you might need to download VLC to watch it so if anyone wants to convert it or post it on a video sharing site like Youtube, that'd be mighty cool of you). This all prepares you for the comprehensive certification exam and requires that you be able to perform a security test to pass. So it is what we call an Applied Knowledge test which means it's not just about skill but about using what you know efficiently and precisely. Our reasoning for this is so those who get their OPST or OPSA do really know what they're doing for a full security test.
The certification program has been growing well but we never pushed hard in the US market. Now most Americans end up going to Canada and Mexico or even coming to Europe to get certified. We do now have a training partner again in the US and even an exam center too. See http://www.isecom.org/partners/training.shtml for details.
For those who don't know, ISECOM is an independent, open, non-profit organization with the mission to "make sense of security." We are well known for the OSSTMM and our security metrics but also operate and participate in many other projects like OpenTC (www.opentc.net). Our certification program comes from our research and has been defined by what is correct rather than by what makes for shiny marketing material. So you might find yourself feeling very enlightened and very satisfied by the experience even if you have a few years of experience under your belt as most people perpetuate mistakes and bad habits for years before passing them on to those they mentor.
And by the way, although we never really made a big deal publicly about it, you can grab the spreadsheet for the security metrics at the ISECOM website as well. Instructions on using it have been put into OSSTMM 2.2 available at www.osstmm.org.
Sincerely, -pete. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, accurate risk assessment and management solution FREE - limited Time Offer http://www.cenzic.com/wf-spi ------------------------------------------------------------------------
Current thread:
- RE: Mile2 Training (Certifications), (continued)
- RE: Mile2 Training (Certifications) Ken Kousky (Jul 15)
- Re: Mile2 Training (Certifications) Pete Herzog (Jul 16)
- Re: Mile2 Training (Certifications) Andrew Blyth (Jul 17)
- Re: Mile2 Training (Certifications) Jamie Riden (Jul 18)
- RE: Mile2 Training (Certifications) Ken Kousky (Jul 17)
- Re: Mile2 Training (Certifications) Pete Herzog (Jul 23)
- Re: Mile2 Training (Certifications) Jamie Riden (Jul 13)
- Certifications Andrew Blyth (Jul 13)
- RE: Mile2 Training (Certifications) Alex Balayan (Jul 11)
- Re: Security Testing Certifications (was Mile2 Training (Certifications)) Pete Herzog (Jul 12)
- RE: Mile2 Training (Certifications) Hope, Sean (Contractor) (Jul 12)