Re: Information security certifications diversity and getting lost

[Dave Aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas Ptacek wrote:
> How do you plan on solving the problems the CISSP has?
>
> 1. People will "teach to the test".
>
> 2. Certs get stale fast.
>
> 3. Cert businesses are high-overhead, but the IP for a cert is hard
>  to protect (if your cert is going to be fair and meaningful).

I would say the problem with the CISSP is "irrelevance" but that's
just me. We passed out "Not a CISSP" buttons at DefCon and they were a
big hit. To get one you had to not have CISSP on your business card
though. :>

For practicals like "write me this buffer overflow", it's much harder
to "teach to the test" while avoiding imparting useful knowledge. We
keep people from rote memorization of the VisualSploit picture by
having the executable be randomized for each test taker.

"""

Dave,
  THat sounds like a really interesting idea but wouldn't win xp sp2
be more realistic? I would want someone at the basic level to at least
understand trampolines as jmping straight to the stack would work on
your test but is unrealistic in the real world.
Thanks,
David Weston
FGM, Inc
"""

Jumping straight to the stack would not work on our test as the stack
would be at a semi-random address each time, depending on thread
initialization.

- -dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG5ZvxtehAhL0gheoRAsD1AJ9vIZDQ837MBJIHl0V6cEvFE6EBHgCfZ6LT
3Msnqp7c5jPkIuAna0P1SO0=
=4C2T
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave