RE: Security Expert Certificates

["Johnson, Michael1 [IT]" <michael1.johnson () citigroup com>]

Personally I use certificates to motivate myself towards learning something... IE CCNP - better understanding of tcpip 
and routing/switch. SCP for java... Now I don't put these on my resume since I don't really look for jobs as  cisco 
switch expert. But it gives me a goal. I have a habit of starting to learn things then stop 1/2 way.



-----Original Message-----
From: dailydave-bounces () lists immunitysec com
[mailto:dailydave-bounces () lists immunitysec com]On Behalf Of Ken Pfeil
Sent: Friday, March 26, 2004 9:23 AM
To: dailydave () lists immunitysec com
Subject: RE: [Dailydave] Security Expert Certificates


FWIW, 

Firstly, there is no such animal as a "security expert certificate". The
people who tout themselves as "experts" are usually the first ones who wind
up with egg on their face (or are trying to sell you something). I don't
judge people by how many letters they can squeeze onto a business card, nor
will I necessarily hold it against you if you can prove that you have the
practical knowledge needed to do the job that you are interviewing for. Be
aware, however, that some of these "certifications" can become tantamount to
"extortion by conference (or so called "training")" in maintaining them. I
know some really sharp certified people, and I know quite a few "duds" as
well. It's a mixed bag. IMHO, some of the best people doing security work for
a living don't possess *any* certs.  I look mainly at experience,
professional accomplishments, contributions to the security community,
ability to work independently, _professional_ references, and yes, spelling
before I'll take a second look at a resume. (If you can't spell "Kerberos" or
"Administrator" odds are you either can't put together a coherent thought, or
you haven't *really* been doing what you say you were doing :) This is
generic across the board criteria, and gets *way* more specific and focused
with the specific skill set(s) needed. You never did say what you wanted a
certification for. If it is to add value to or improve your technical
skillset only, it's a waste of time IMHO. If you want to make it past the
buzzword-skimming, technically challenged, first-level person who is usually
screening resumes on the first round or need to paper over a hole in the
wall, it can't hurt you.

Just my .00002

Ken

PS: 
To the guy 3 inches from my face on the PATH train this morning: 
I *still* think you'd look kind of funny with that newspaper sticking out of
your ass...

-----Original Message-----
From: Aviv Revach [mailto:aviv_r () brillianet com] 
Sent: Friday, March 26, 2004 7:24 AM
To: dailydave () lists immunitysec com
Subject: [Dailydave] Security Expert Certificates


Hi,

I started thinking of taking some security exam in order to get
a security expert certificate. I surfed the net and came accross CISSP, SSCP,
and other certificates (such as Ethical Hacking by InfoSec) which force you
to take a course..

I wonder if anyone here has one of these certificates and can
give me an advice whether it's worth anything..
If you have any recommendations regarding other certificates -
I would be glad to hear them.


Best Regards,
Aviv Revach
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave