Penetration Testing mailing list archives
Re: Re: CREST or TIGER?
From: cwright () bdosyd com au
Date: 19 Oct 2007 22:02:10 -0000
Hello all, It is easy to bitch about what this, but even easier to forget that different certs are aimed at different things. CISM is a management certification - this is not a hands on tech one. CISSP is a indicator of baseline knowledge. GIAC are focused on a particular area. In these - it all depends on what your focus is and ALSO the level. Silver is good, but it is not as yet proctored for all (changing) and silver is just multi-guess. When you get a gold paper then maybe we can talk. Would I trust a person with a GCUX alone to run a Windows system - NO. Do I feel that they could run (at least at a basic level) a Unix system - Yes. This goes for all these certs. As for Passion - I have found MANY passionate people who have ballsed up a job. Who have rushed into an incident and destroyed evidence. As for Tiger or Crest - they are relatively unknown as yet and thus offer little value as yet. Time may tell, but ... As for my personal opinion, I have seen MANY people bitching about HR, management, business, certified people etc. What I have found in my 23 years in Info Sec is that those who "bitch" the loudest about this are the least likely to fit in a team. And THIS is an issue. Cowboy security jockeys are in abundance. What is needed is more professionals. A cert will not do this. What is needed is experience OUTSIDE IT security as well as the tech skills. Regards, Craig Wright GSE-Compliance ____In reply to_____ Hi, from my point of view, among security professional, xyz certification won't mean anything and so does university degree. I've been working with CISSP, computer science PhD, CEH, CISM, GIAC and others guys and found that my opinion about there competency in computer security cannot be based on those. The only common denominator I found among the best was passion. If you think you need some sort of certification to be taken more seriously, you should consider questioning the way you work/collaborate or introduce yourself. I cannot speak for everyone but personally, for the time I've been working in computer security, the little letters following names have lots all credibility. The only time it looks quite important and finally worth something is with people outside the security community (e.g. executive, human resource). This is only my opinion, no offense. --- Danny Fullerton, xyz Founder Mantor Organization EH wrote:
All, I would value your opinion. I am trying to make a comparison between the 'new kids on the block' in terms of pen tester accreditation here in the UK, CREST and TIGERScheme, for my organisation. So far I've come up with the following information. CREST TIGER An existing examination No Yes Independent of suppliers No Yes End user driven No Yes Not for profit Yes? Yes Applicable to Individuals Yes? Yes Company standards Yes Yes (CCTM) Career path Yes? Yes University standard No Yes It seems that the TIGER Scheme www.tigerscheme.org is fully up and running and accrediting individuals already plus it is a University based examination which CREST www.crest-approved.org is not. I see from the CREST website that they are in support of the often maligned multiple guess CEH examination and will 'grandfather' individuals into the 'CREST approved' scheme if they have CEH. Now I am a CEH [amongst other things I hasten to add] and I sat the exam in early 2003. It was taken reasonably seriously then but it seems that the pen test communities opinion of the cert has deprecated somewhat over time ... so is CREST a re-branded EC-COUNCIL? If so will they go the same way? To grandfather into TIGER at the lowest level of certification you need an approved MSc in Computer Security. Basically any certs I recommend for my organisation I want to be taken seriously now and in future. I am heavily leaning towards TIGER. Your thoughts? Thanks in advance.
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- CREST or TIGER? EH (Oct 18)
- Re: CREST or TIGER? Danny Fullerton (Oct 19)
- RE: CREST or TIGER? Shenk, Jerry A (Oct 19)
- Re: CREST or TIGER? mamo (Oct 21)
- Re: CREST or TIGER? Rory McCune (Oct 21)
- <Possible follow-ups>
- Re: Re: CREST or TIGER? cwright (Oct 19)
- Re: Re: Re: CREST or TIGER? cwright (Oct 19)
- Re: CREST or TIGER? Danny Fullerton (Oct 20)
- Re: CREST or TIGER? cwright (Oct 20)
- RE: CREST or TIGER? Paul J Docherty (Oct 23)
- Re: CREST or TIGER? Danny Fullerton (Oct 19)