Re: Security Expert Certificates

[Darryl Luff <darryl () snakegully nu>]

Dave Aitel wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> My personal opinion is that they're not worth what you pay for them.
> While some employers do value them, I think if you are the type of
> person who would get one, you're better off having something like "Can
> write exploits" on your resume instead. I also know some employers who
> either ignore them completely, or count them against you - and you can
> read the old CISSP or GIAC "papers" to see why.

They used to be worth something if you worked for a company that does 
contracted security work, because marketers had a long list of 
qualifications they could put on bids, to impress the admin and 
management types evaluating the bids at the customer end. But these days 
people are less impressed with certifications and want to see lots of 
experience that's directly applicable to the current task.

I'm not so sure about the value of "can write exploits" either. At least 
in Australia, this still translates in a lot of peoples minds to "15 
year-old hacker". People don't see how experience writing exploits 
directly applies to getting their gateway through the 
government-specified gateway certification, or whatever else they are 
trying to achieve. Unless you're applying for a job at a security 
research organisation I guess!


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave