Re: Certifications

[Scott Renna <srenna () vdbmusic com>]

Most recruiters don't even know what GIAC is.  The ones that do are the 
ones I talk to.


Clement Dupuis wrote:
> One of the big problems is the marketing behind some of the certification
> and the way people interpret what they are.
>
> A certification like the CISSP is NOT an in depth certification.  Let's face
> it, you need to have  3 years experience plus a degree in one or more of the
> 10 domains of expertise and this does not have to be continuous experience.
> If you do not have a degree, you then need 4 years.
>
> This means that someone who has been doing strictly doing physical security
> for 4 years is allowed and entitled to sit for the exam.  If he studies
> adequately and prepare himself, there are good chances that he can axe the
> exam with 6 months of thorough studies.  Does this makes him a security
> expert: NO Does this improve his general knowledge of security and make him
> more aware that there is more than physical security to contribute to the
> overall security of his company: YES.
>
> A few letters behind your name will not get you those HIGH paying jobs that
> unscrupulous people often promise.  Experience and a proven track record in
> the field will.
>
> I think there should be a certification about understanding certifications
> given to head hunters and recruiters out there.  They would understand that
> you do not have to ask for a CISSP to manage your firewall.  They would
> understand that an MCSE is not required to do Linux Security.  Something it
> is hilarious to see their job posting and what they are asking for.
>
> Clement
>
>
>
>
> -----Original Message-----
> From: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Scott Renna
> Sent: Monday, November 22, 2004 12:37 PM
> To: pingywon MCSE
> Cc: 'Paul'; full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Certifications
>
> I try to be considerate and leave our industry open to all, but 
> bootcampers I have met....sheeesh, you may as well just had over the 
> keys to the castle.  In many cases, they think they know what they are 
> doing and weaken the security overall of the network.  i deal with this 
> daily with my "higher-ups"
>
> Honestly, it kind of makes me sad that I have a CISSP as I've recently 
> met several supposed Security Experts that have those 5 letters attached 
> to their name and know NOTHING.
>
> That's why I recommend GIACs.  GIACs actually demonstrate you know what 
> you are talking about
>
> pingywon MCSE wrote:
>
> > Well this is one area I have dealt with too many times. For anyone who has
> > spent anytime on the MS cert new groups you all know what im talking
>
> about. 
>
> > People who are already employed in IT with out any certs are the firsts
>
> ones
>
> > to say how worthless they are and how everyone who has them "just
>
> memorized"
>
> > a bunch of questions. 
> >
> > People who have some certs - and might only be in the position they are in
> > today due largely to some certs would tend to disagree. 
> >
> > I have also worked for one of these "boot camp" schools (for a total of
> > about 3 months-shame on me)
> >
> > The inherent problem is that while the "boot camps" do serve their purpose
> > to people who need brushing up to gain some certs - people that already
>
> have
>
> > a solid base to build upon - those aren't the people that go to boot camps
>
> .
>
> > It doesn't matter if it is a 2 week boot camp or a 6 month one.
> > The people that go to these boot camps are roofers and construction
>
> workers
>
> > who want a way out of their current employment situation. While that is
>
> all
>
> > well and good these people do not make the best candidates for IT work
>
> (with
>
> > no background knowledge) and the boot camps don't care (no matter if its
>
> MS
>
> > er cisco boot camps) They just want their $$ ......like cattle I suppose.
> >
> >
> > Has this brought down the "bar" on what a cert means? ...it sure has
> > Does it mean everyone with certs doesn't know anything? Not at all
> >
> > Most employers take certs for granted..And now they are EXPECTED - before
> > the cert use to be a distinguishing mark, now it is given
> >
> > ~pingywon MCSE
> >
> > http://www.pingywon.com
> > -----Original Message-----
> > From: full-disclosure-admin () lists netsys com
> > [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Paul
> > Sent: Monday, November 22, 2004 02:57
> > To: full-disclosure () lists netsys com
> > Subject: [Full-disclosure] Certifications
> >
> > While I gotta agree that experience is what
> > counts, what (if any) specialist certs should a
> > tertiary student, with a special interest in
> > security, use to underpin their prac?
> >
> > P.S. If I'm too ignorant to warrant a civil
> > answer, like being told to go to the movies, my
> > apologies in advance so no flame needed.
> >
> > =====
> >
> > one step at a time...
> >
> >
> >
> > Find local movie times and trailers on Yahoo! Movies.
> > http://au.movies.yahoo.com
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> > ---
> > Incoming mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.797 / Virus Database: 541 - Release Date: 11/15/2004
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html