Penetration Testing mailing list archives
Re: Security Certifications for SOC team
From: Miller Grey <vigilantgregorius () gmail com>
Date: Sun, 1 Mar 2009 12:54:41 -0600
My apologies Andre, I realize now you were not the original poster, so my response was way off base and I jumped the gun prematurely (stepped on a rake). Although, having been to SANS and having attended various boot camps, I think your opinion on SANS is a bit harsh, and you were the one that brought up SANS being vendor-specific. If you meant in the material, fine, although I think it varies by instructor/course. I've found the majority of boot camps I've been to introductory and focused solely on the certification exam, not the knowledge-base needed to do the job, which I find SANS does (to an extent). I also know a number of people who have challenged the certs successfully without taking the classes. Your assertion about the DoD is a bit harsh as well IMHO, that's marketing.

I will at least try to add some value to this thread since I skewed it in the negative with my previous post (which I humbly regret). ISECOM has some amazing material, although I've never been to their training, I reference their OSSTMM framework often, and found their recently authored book to be quite interesting. Microsoft ACE has always been solid, as well as the Foundstone folks...but to say that SANS pales in comparison to your list of (some very vendor-specific) training vendors is a bit over the top. Putting metrics to training quality (especially feedback) is an awesome idea, one that should be implemented in every business, no doubt. I also think for a SOC, your assertion on CERT is dead on. What better a training vendor for IR than CERT, or at least that would be my assumption. Again, I have no experience with their training materials/instruction. I do know the training and GCIH cert is pretty good. (Out of curiosity, what's your opinion of EC-Council and the CEH cert?)

The original poster (whom I grossly and unfairly attacked) asked what certs have a good deal of respect in the industry and demonstrate competency to their _clients_. The keyword, of course, being clients.
While I understand the need for the security industry as a whole to concentrate on quality education (certs being way over-valued, in fact as a whole we need to stand up to some of this over-reliance on broad certs in name only, ISACA and ISC2 in particular, which I think you do a good job of demonstrating), clients also need a standard on which to base their decisions. They (not necessarily as vendor-conscious as we are) know only a handful of certs which they can recognize...CISSP, CISA, etc...A lot of these vendors (including some you mentioned), in this current environment of vying only for revenue/market share, are only adding to the confusion. It would be wonderful if the emphasis on certification was minimized and the focus was put more on quality subject matter. Look at OWASP, amazing subject matter, open to the public, and no certification in sight (I hope).

Your idea about people educating themselves on education is a good one, but who educates the clients looking for a global, recognized, gold-seal of approval? Which in the end is what they need, right? In this case, a SOC that is staffed with intelligent, knowledgeable folks who can perform high quality work. How else do they base their decision?

Again, I apologize for my last post, it was a useless rant misdirected and totally out of line. Every bit of information you posted was informative (even if I disagree on your view of SANS) and very useful.

...I will now slowly back away, tail between legs...

-mg

On Sun, Mar 1, 2009 at 10:34 AM, Andre Gironda <andreg () gmail com> wrote:
> On Sun, Mar 1, 2009 at 8:39 AM, Miller Grey <vigilantgregorius () gmail com> wrote:
>> Maybe if you spent more time and effort on handling your awesome new responsibilities in the operations center than putting together long, drawn-out, overly-thoughtful emails, you would have an idea...and from your exhaustive list of schools, you already do.
>
> While you may feel that education and certification for the penetration-testing community/industry is less important than I do, I don't think that you have a right to tell anyone who is giving away tons of free information whether their time is wasted or not.
>
> My "idea" is that people should educate themselves about education. What's your idea? To spread the message that TL;DR bores you?
>
> dre