Security Basics mailing list archives

Re: Seeking views on importance of certification


From: Irwan Hadi <irwanhadi () phxby com>
Date: Mon, 16 Feb 2004 18:52:57 -0700

On Mon, Feb 16, 2004 at 10:17:29AM -0900, Ed Spencer wrote:

> With most certification you'll find a number of years pass before they are
> recognized readily by the HR departments at most companies and it really
> 'catches on'.  I found this to be true of the A+ certification when it was
> originally introduced in the early 90's.  It was 3-4 years before anyone
> ever asked me if I had the certification at all.  Having already surpassed
> the initial hurdle of getting a degree, certification is a good road to start
> down to increase your chances of meeting a 'hiring criteria checklist' used
> by many HR departments.  With your desire to move into the security area I'd
> start with Security+.  Even though it's a new certification and unlikely to
> appear as a 'requirement' for a job, it will give you a good start on
> security certification by providing an introduction to the types of
> questions you'll experience on other tests.  From there I'd look at SSCP
> (https://www.isc2.org/cgi/content.cgi?category=20), the CISSP's lesser
> cousin also offered by ISC2.  If you don't have the requisite experience for
> this certification I'd consider vendor specific certification like
> Microsoft's MCSA:Security
> (http://www.microsoft.com/learning/mcp/mcsa/security/windows2000.asp) as
> well as other vendor-neutral certification like RSA's SCNP/SCNA
> (http://www.securitycertified.net/) or GIAC's GSE (http://www.giac.org/).

SCNP is actually an interesting case...
If you do a whois lookup for securitycertified.net, you get:
Registrant:
PETERSON, WARREN (SECURITYCERTIFIED2-DOM)
   Following the book,
   Very good, IL 31337
   US

   Domain Name: SECURITYCERTIFIED.NET

   Administrative Contact:
      PETERSON, WARREN  (WPL51)         GoAway () YouDidALookup Net
      Following the book,
      Very good, IL 31337
      US
      123-453-1337 fax: 123 123 1234

   Technical Contact:
      Network Solutions, Inc.  (HOST-ORG)
customerservice () networksolutions com
      13200 Woodland Park Drive
      Herndon, VA 20171-3025
      US
      1-888-642-9675 fax: 571-434-4620

   Record expires on 06-Oct-2007.
   Record created on 06-Oct-2000.
   Database last updated on 16-Feb-2004 20:48:42 EST.

   Domain servers in listed order:

   NS.APOLLOHOSTING.COM         216.147.43.193
   NS2.APOLLOHOSTING.COM        216.147.1.144

[phxby@phxby tmp]$


Now if you do a lookup for 'youdidalookup.net':

[phxby@phxby tmp]$ whois youdidalookup.net

Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

No match for "YOUDIDALOOKUP.NET".

Last update of whois database: Mon, 16 Feb 2004 18:55:01 EST <<<



Why it seems to me that it is very easy to hijack this
securitycertified.net domain name since you can own the administrative
address for this domain?

Honestly, I wouldn't consider taking any certification from a vendor
that looks silly like this, and the certification that this vendor
offers is a 'security' certification?!
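
A defensive check for the condition described in this message, for auditing domains you administer: it parses a whois record, takes the domain of each contact address, and flags contacts whose domain is itself unregistered. This is an added example, not part of the original post; the record, the replies and the names `contact_domains`, `audit` and `lookup` are constructed for illustration, and the two-label `registrable` rule is a simplifying assumption.

```python
import re

EMAIL_RE = re.compile(r"[\w.%+-]+@((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})")
# "No match for" is the reply quoted in the message above; other registries
# word it differently, so extend this pattern for the TLDs you audit.
NO_MATCH_RE = re.compile(r"^\s*No match for\b", re.I | re.M)

# Constructed sample data (reserved .example names), not real whois output.
RECORD = """\
Registrant:
   Sample Training Org (SAMPLE-DOM)
   Domain Name: AUDITED-DOMAIN.EXAMPLE

   Administrative Contact:
      Admin, Sample  (SA1)      hostmaster@Unregistered-Contact.example
   Technical Contact:
      Registrar Support  (HOST-ORG)  support@registrar.example

   Record expires on 01-Jan-2030.
"""
REPLIES = {
    "unregistered-contact.example": 'No match for "UNREGISTERED-CONTACT.EXAMPLE".',
    "registrar.example": "Domain Name: REGISTRAR.EXAMPLE\nRegistrar: Sample",
}

def contact_domains(record):
    """Map each section header of a whois record to the e-mail domains in it."""
    section, found = "Unlabelled", {}
    for line in record.splitlines():
        text = line.strip()
        if text.endswith(":"):          # e.g. "Administrative Contact:"
            section = text[:-1]
            continue
        for match in EMAIL_RE.finditer(text):
            found.setdefault(section, set()).add(match.group(1).lower())
    return found

def registrable(domain):
    """Assumption: the registrable name is the last two labels.
    Wrong for suffixes such as co.uk; use a public-suffix list there."""
    return ".".join(domain.split(".")[-2:])

def audit(record, lookup):
    """Return (section, domain) pairs whose contact domain is unregistered.
    lookup(domain) must return the raw whois reply text for that domain."""
    return sorted((section, domain)
                  for section, domains in contact_domains(record).items()
                  for domain in domains
                  if NO_MATCH_RE.search(lookup(registrable(domain))))

if __name__ == "__main__":
    for section, domain in audit(RECORD, REPLIES.__getitem__):
        print(f"{section}: contact domain {domain} is not registered")
```

In real use `lookup` would wrap a call to the whois client for each contact domain; a finding means the contact address should be moved to a domain the registrant controls.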
