Penetration Testing mailing list archives

Re: Federally Mandated Certification of cybersecurity professionals?


From: "J. Oquendo" <sil () infiltrated net>
Date: Thu, 9 Apr 2009 13:38:52 -0500

On Wed, 08 Apr 2009, macubergeek wrote:

Wolf

I believe there were moves afoot to have something like that in the  
civilian fed space as well. This new legislation will do little to  
ensure competency.  The feds' only solution to any problem is to take a
profession already hampered with hoop jumping and to add more hoops.


If hoop jumping bothers anyone, then this is not the industry
for them. Security changes almost daily so there should be
little difference in actually taking the time to jump through
hoops in understanding the threats along with the attack
vectors. If you can't talk the talk dot dot dot

Will the legislation lead to identifying and hiring the "right"
individuals? Sure it will. It will lead to the CYA (Cover Your
A..) methodology of being able to say they took their due
diligence. There is a disconnect many times with those who
have a clue NOT being certified and those with certifications
still not understanding.

Personally, I believe this raises the bar for those unclued
and certified to actually go out and re-think/re-examine
slash "get a clue". Because it won't be something as easily
passed as many trolls would allude to, I think the government
is showing that even though they're taking baby steps, they're
starting to see through the mud and wising up on security.

One of my biggest problems with government is, they isolate
themselves far too often. Instead of turning to a "best of
breed", dual view of security (private sector/research and
their own staff), they often rely far too much on one set
of eyes.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"Enough research will tend to support your
conclusions." - Arthur Bloch

"A conclusion is the place where you got
tired of thinking" - Arthur Bloch

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E

