Full Disclosure mailing list archives
RE: Hacking Boot camps!: certifications
From: "wilder_jeff Wilder" <wilder_jeff () msn com>
Date: Wed, 23 Nov 2005 18:13:39 -0700
I wanted to chime in on all this SANS VS. any other certification VS. training...
The only thing a certification does for anyone is validate to a prospective employer that you, at the time you took the test, knew enough to pass it. Depending on how high that bar is set will determine if you receive it or not. So I go take a test so my employer knows that I am smart and I can do the things I claim.. things I already knew.
So, how you gain the information, through a crash course in buffer overflows or seed information that gives you a topic of study... or a life's worth of study on the topic means very little to an employer. It's only the alphabet soup that they care about.
Want to know where the best bang for the buck is.... go to... www.dice.com...
search for GIAC = 116 open positions
search for CISSP = 677 open positions
So am I any smarter for having my CISSP over a GIAC?... I don't think so.. but the employers seem to think so =)
So back to the hacking boot camps issue... I had my ethical hacking cert before I went to class, was I any smarter after I had the cert?.. No... well actually it was one of the hardest tests I've taken and still passed it without a book to study or the week's class.
I have been to great classes, and some that were really a waste of time and a lot of money to boot. But I ALWAYS found some value because I went for me.. and not another cert at the end of my name. Not everyone is going to have the answer for every question, I know I don't, I can't hold that against an instructor. If you get owned for 3500 bucks because you didn't investigate what it was that you were going to be learning... the courseware... or whatever it was that you bought... it's because you allowed yourself to get owned. If the class you took did not offer the information that you desired.. perhaps you should look into different material more SR. level.. or create your own certification, maintain 20 tracks.. sell it.. promote it... =) so, I respect what they have done for the industry, it's not an easy task.
I coauthored some courseware for a forensics management class... I've spent 100's of hours in prep to create it and deliver it.
My hat's off to anyone who wants to share information at any level.. because you will always find someone at every level.
That's my $.02 worth
-Jeff Wilder
CISSP,CCE,C/EH,security+,ISSAP,ISSMP,MCP,INet+... yadda yadda yadda..
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M-- V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++ G e* h--- r- y+++*
------END GEEK CODE BLOCK------
From: "Clement Dupuis" <cdupuis () cccure org>
To: "'Koen Van Impe'" <koen.vanimpe () belnet be>
CC: full-disclosure () lists grok org uk
Subject: RE: [Full-disclosure] Hacking Boot camps!
Date: Wed, 23 Nov 2005 18:06:48 -0500
Good day InfoSecBOFH,

Hum... It seems like you have something to settle with SANS, I really do not know what they did to get you this mad or what negative experience you had to go through but they definitively are not on your white list.

> - Their training is out of date

I guess this is the growing pain. It becomes an unbelievable challenge to maintain over 20 tracks. I do not believe they are all outdated as you claim; all of the tracks are usually updated a couple times a year.

> - Most of their instructors are unqualified to answer any questions
> that are not in their training books.

Most of their classes have outstanding instructors such as Ed Skoudis, Mike Poor, Eric Cole, Chris Brenton, Jason Fosen, Joshua Wright, Bob Hillery, Marcus Sach, William Stearns, etc... These instructors will not only answer questions on security topics but have also written the training books and have been published in magazines and books as well. They are well respected in the community and very competent.
If you would dare to call any of these instructors unqualified, you must have a very demanding level as far as an instructor is concerned. I totally disagree with your comment about them being unqualified, they are the best, and they are the people delivering a lot of the live classes. I have heard of some negative comments related to their other delivery mechanisms but their live classes are being done by great instructors.

> - Most of their instructors will feed you with a marketing pitch for
> their own consulting or product companies.

Most instructors will introduce themselves within the first few minutes of the class and this is the extent of it. I think it is only fair to give your company credit as well as yourself. After all, it is your company that gives you time to attend and teach in many cases. If any instructor goes above and beyond this, they are out of line and not following their own code of ethics.

> - The so called "SANS What Works" program where they endorse vendors
> who have products that actually work and help with infosec issues is a
> sham. They will list any vendor that pays their 25K "fee" to be
> listed.

I must agree with you on this one, people think that the products featured are endorsed and recommended by SANS but this is not the case. SANS is only showcasing a company and what they have used with success or what has worked in their very specific case. The company, as you have said, has to pay a fair amount of money to have their case and product showcased.

It is people reading about it that take for granted that the product presented is endorsed by SANS, it is stated clearly on the SANS website that it is not the case.

Of course, nobody from SANS has attempted to dispel the myth (to the joy of the people who have paid to be part of the program). I guess they see no reason to attempt doing so because it is stated clearly on the web site what the program is about.

The name "SANS What Works" is somewhat misleading I must admit.
A bit more information could be provided on what the program really is, what it stands for, and what is the endorsement being made.

> - Here is how the pyramid works. You have Northcutt and Paller on the
> top of things as the creators of this so called non-profit (yet they
> have multi million dollar homes in Hawaii). They *USE* volunteers to
> come up with training material and to run their "mentoring program".
> Then, they take the volunteer work, hand it to their close friends who
> also happen to be their full time instructors let them take credit for
> it and have them deliver the course and of course pay them very well
> for it. Nothing like making money for your 'non profit" on the backs
> of volunteers who you still charge to attend the training BTW.

Both Stephen Northcutt and Allan Paller have never claimed to be non profit because they know that they are not. Their web site and documentation do not pretend to be non profit either. Somehow there is this myth from the early days that has been going around about SANS and GIAC being non profit.

On the training material side:

The training material being developed for the past few years has been done by people who were compensated for their work and NOT free work as you claim. The local mentors are paid as well, they are not doing volunteer work. I have heard good comments and very sad comments about the delivery of the program. I guess your mileage will vary depending on who the mentors are.

I do not know of any regular instructor who has taken someone else's material and claimed it was their own. There is no volunteer that I know of, producing training material without getting paid for each slide if it is being used for training. In fact SANS has one of the most generous royalty programs out there. None of the large training organizations out there will pay you royalties the way SANS does and the amount SANS does. I must give them credit on that side. You are right: SANS has the best pay in the industry.
Do you have a specific example of someone who has developed a course, a short class, or anything for free and the material got used and abused as you claim by SANS or an instructor or SANS?

I know SANS is not perfect, they are not what they used to be as a community, but they still deliver quality training and credit must be given to them where it belongs. Other training vendors are doing nothing to give back to anyone. At least SANS are giving back to the community through many projects.

Take care
Clement

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/