Re: Is there a scam in Security Certifications

[Pete Herzog <lists () isecom org>]

Hi,

Wyoming apparently has a problem with diploma mills.  You can see it in 
this list:

http://www.k12.wy.us/F/psl/degree.html

Then there is this article which says:

_Board postpones private school license_ By JENNI DILLON
Star-Tribune staff writer Thursday, November 17, 2005

"EC-Council University will have to wait a while longer for a license to 
operate in Wyoming, the state Board of Education said Wednesday."

"...Colleen Anderson, who works in the department's finance office, said 
the department has concerns about the school's relationship with 
EC-Council, another corporation with the same owners that issues 
certificates in the same subjects and produces textbooks and curriculum. 
She said the department also is unsatisfied with financial documents 
provided by the university and about students who could misread implied 
claims of accreditation by the university."

http://www.casperstartribune.net/articles/2005/11/17/news/casper/9376670ca7785260872570bc00068e27.txt 


There's nothing wrong with providing certification in a manner that 
proves a person's ability to do something outside of the university 
system.  But diploma mills are a problem and an embarrassment for those 
who are caught with them:

http://www.reason.com/0501/fe.ps.cut.shtml

I am afraid of possibly falsely marketed diplomas and even more scared 
of the people who buy them.  In this socially and digitally networked 
world, we are all reliant on each other to what we say we can do.  Lack 
of ability has caused many problems from small to grand 
(http://www.wired.com/wired/archive/14.06/start.html?pg=9) over the 
years and as we need to depend on someone in a position knowing how to 
do his/her job.  In security, maybe some of you think (oh it's only for 
testing web pages) but maybe that's just today.  The pen tester today is 
in a good position to be tomorrow's transport security auditor, security 
manager, electronic health inspector, network medical technician, etc. 
The fact that there are so many security personnel out there with 
fictitious or fraudulent knowledge and ability (known or unknown to 
themselves) is a very scary thing to me.

You can look up info on diploma mills yourself:

http://www.web-miner.com/deunaccredited.htm

http://www.degree.net/html/diploma_mills.html

Sincerely,
-pete.


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------