Penetration Testing mailing list archives
RE: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE)
From: Shahin Ansari <zohal52 () yahoo com>
Date: Thu, 27 Jul 2006 06:38:34 -0700 (PDT)
I respectfully disagree with your view. Presenting a paper is very nice, but it represents a person's knowledge in a narrow area, which is usually not very helpful in work environment. If you are hiring manager for a noc, you don't need someone who can speak on let's say PKI for 1/2 hour. You need someone is has a broad knowledge of routing, and knows commands for the paltform your network uses, and as such I think Certification is good. I agree that it has become a way to make money and I don't appreciate that. I like to have a very imprtial view of vendors, but I think Cisco does an excellent job of documenting what someone needs to know to be effective in market. Further, I think ppl who pass an exam ( not cheating ) but pass it without hands on, definately deserve a shot at a position. Although they may struggle, I think passing an exam which you do not have equipment for shows character. Sean --- "Graves, Jamie" <j.graves () napier ac uk> wrote:
Hello, Funny that this should come up; Bruce Schneier covers this to a certain degree in the following article:
http://informationsecurity.techtarget.com/magLogin/1,291245,sid42_gci119
6098,00.html - Jamie -----Original Message----- From: Robert E. Lee [mailto:robert () dyadsecurity com] Sent: 27 July 2006 11:40 To: shreyas () technitium com Cc: shreyasonline () yahoo com; slamboy () gmail com; pen-test () securityfocus com Subject: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE) The "practical application" portion of the CISCO CCIE certification is why organizations can trust the CCIE job applicant can serve a useful cisco networking function in their organization. Any certification that fails to measure the candidates actual ability to perform a useful function in the subject of the certification is useless (ala CEH, CISSP, CISA, CISM, which can all be passed with 0 years of experience). To the best of my knowledge about the current infosec certs, ISECOM's OPST (www.opst.org) and OPSA (www.opsa.org) come the closest to fulfilling the the practical measurement requirement. For what it's worth, we would not consider hiring a candidate who advertised that they have a CEH certification. If you want to stand out in an interview, perform a useful function that your peers respect you for. Presenting your ideas at conferences or contributing to computer security research papers and projects will get you a lot more credibility in a job interview than "hacking stories" or "hacker certifications". There are a lot of projects to choose from. If none of them excite you, start your own. ;) Robert -- Robert E. Lee Chief Information Officer http://www.dyadsecurity.com phone: (949) 394-2033 fax : (949) 486-6601 email: robert () dyadsecurity com
------------------------------------------------------------------------
------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------
------ This message is intended for the addressee(s) only and should not be read, copied or disclosed to anyone else outwith the University without the permission of the sender. It is your responsibility to ensure that this message and any attachments are scanned for viruses or other defects. Napier University does not accept liability for any loss or damage which may result from this email or any attachment, or for errors or omissions arising after it was sent. Email is not a secure medium. Email entering the University's system is subject to routine monitoring and filtering by the University.
------------------------------------------------------------------------------
This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- RE: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE) Graves, Jamie (Jul 27)
- RE: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE) Shahin Ansari (Jul 27)
- <Possible follow-ups>
- RE: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE) David Cross (Jul 27)
- Re: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE) Syv Ritch (Jul 27)
- RE: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE) Strand, John (Mission Systems) (Jul 29)
- RE: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE) R. DuFresne (Jul 29)
- Re: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE) Pete Herzog (Jul 30)
- Re: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer ankur jindal (Jul 31)
- RE: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer Marc Munk (Jul 31)
- Re: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer Michal Merta (Jul 31)
- Re: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer Nathan Sportsman (Jul 31)