Re: Security Expert Certificates

["Aviv Revach" <aviv_r () brillianet com>]

Hi all,

I agree with most of the things that were said so far.
I too believe that experience and actual knowledge counts way more than any
'expert' diploma.

I first came to this acknowledgment while studying for my degree
in CS. It seems that many graduating students don't have any real clue
regarding actual work. They did learn several programming languages
and passed some exams but in fact, did nothing in practice.

As Ken said, if my target is to pass any resume screening (and in the
future it would..), CISSP as a buzzword would definitely do the trick ..
I disagree with Ken's saying that a certificate would only effect a
"technically challenged,
first-level person". If employee' were only to hire people by their skills
(how
would they validate those?) without 'proven' knowledge
(certificates/degrees), they would
have to spend way too much time for each individual applicant..
Indeed, A CISSP applicant should *not* be considered as a 'security expert'
but IMHO, he
does have some 'proven' knowledge that an employee can trust on.


Thank you all for your replies. I think that my intention is clear now.
I still lack of recommendations regarding certficates that count more than
others in
employee' prospective...


Regards,
Aviv Revach

----- Original Message ----- 
From: "Ken Pfeil" <kpfeil () capitaliq com>
Subject: RE: [Dailydave] Security Expert Certificates
To: <dailydave () lists immunitysec com>
Message-ID:
<61F3C0F6D66F5E40AD58259B1B6EBC55073E20 () hotcorner capiqcorp com>
Content-Type: text/plain; charset="us-ascii"

FWIW,

Firstly, there is no such animal as a "security expert certificate". The
people who tout themselves as "experts" are usually the first ones who wind
up with egg on their face (or are trying to sell you something). I don't
judge people by how many letters they can squeeze onto a business card, nor
will I necessarily hold it against you if you can prove that you have the
practical knowledge needed to do the job that you are interviewing for. Be
aware, however, that some of these "certifications" can become tantamount to
"extortion by conference (or so called "training")" in maintaining them. I
know some really sharp certified people, and I know quite a few "duds" as
well. It's a mixed bag. IMHO, some of the best people doing security work
for
a living don't possess *any* certs.  I look mainly at experience,
professional accomplishments, contributions to the security community,
ability to work independently, _professional_ references, and yes, spelling
before I'll take a second look at a resume. (If you can't spell "Kerberos"
or
"Administrator" odds are you either can't put together a coherent thought,
or
you haven't *really* been doing what you say you were doing :) This is
generic across the board criteria, and gets *way* more specific and focused
with the specific skill set(s) needed. You never did say what you wanted a
certification for. If it is to add value to or improve your technical
skillset only, it's a waste of time IMHO. If you want to make it past the
buzzword-skimming, technically challenged, first-level person who is usually
screening resumes on the first round or need to paper over a hole in the
wall, it can't hurt you.

Just my .00002

Ken

PS:
To the guy 3 inches from my face on the PATH train this morning:
I *still* think you'd look kind of funny with that newspaper sticking out of
your ass...


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave