Penetration Testing mailing list archives

RE: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE)


From: Shahin Ansari <zohal52 () yahoo com>
Date: Thu, 27 Jul 2006 06:38:34 -0700 (PDT)

I respectfully disagree with your view.  Presenting a
paper is very nice, but it represents a person's
knowledge in a narrow area, which is usually not very
helpful in a work environment. If you are a hiring manager
for a NOC, you don't need someone who can speak on,
let's say, PKI for 1/2 hour.  You need someone who has a
broad knowledge of routing, and knows commands for the
platform your network uses, and as such I think
certification is good.  I agree that it has become a
way to make money and I don't appreciate that.  I like
to have a very impartial view of vendors, but I think
Cisco does an excellent job of documenting what
someone needs to know to be effective in the market.
Further, I think ppl who pass an exam (not cheating)
but pass it without hands-on, definitely deserve a
shot at a position.  Although they may struggle, I
think passing an exam which you do not have equipment
for shows character.

Sean

--- "Graves, Jamie" <j.graves () napier ac uk> wrote:

Hello,

Funny that this should come up; Bruce Schneier covers this to a certain
degree in the following article:

http://informationsecurity.techtarget.com/magLogin/1,291245,sid42_gci1196098,00.html

- Jamie

-----Original Message-----
From: Robert E. Lee [mailto:robert () dyadsecurity com]

Sent: 27 July 2006 11:40
To: shreyas () technitium com
Cc: shreyasonline () yahoo com; slamboy () gmail com;
pen-test () securityfocus com
Subject: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE)

The "practical application" portion of the CISCO CCIE certification is
why organizations can trust the CCIE job applicant can serve a useful
Cisco networking function in their organization. Any certification that
fails to measure the candidate's actual ability to perform a useful
function in the subject of the certification is useless (ala CEH, CISSP,
CISA, CISM, which can all be passed with 0 years of experience). To the
best of my knowledge about the current infosec certs, ISECOM's OPST
(www.opst.org) and OPSA (www.opsa.org) come the closest to fulfilling
the practical measurement requirement. For what it's worth, we would
not consider hiring a candidate who advertised that they have a CEH
certification.

If you want to stand out in an interview, perform a useful function that
your peers respect you for. Presenting your ideas at conferences or
contributing to computer security research papers and projects will get
you a lot more credibility in a job interview than "hacking stories" or
"hacker certifications".  There are a lot of projects to choose from.
If none of them excite you, start your own. ;)

Robert

-- 
Robert E. Lee
Chief Information Officer
http://www.dyadsecurity.com
 
phone: (949) 394-2033
fax  : (949) 486-6601
email: robert () dyadsecurity com


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------





