Re: Is there a scam in Security Certifications

["Maudite MLRL" <maudite.mlrl () gmail com>]

I too have the CEH, and the CISSP and soon CISA..... (some cisco, some
sniffer pro, ...)

They have not made a difference in getting positions for me. All have
been required after the fact and paid for by my companies to prove a
level of competence among the staff for some 3 letter agency.

Certs are what you make of them. I view it more as a training class
and the cert is a bonus. The CEH for me was very basic, most of my
free time went to talking with the instructor who was a professional
pen tester and did this part time for "special clients" (at this time
a 3 letter agency). We traded tools and scripts and tricks. That
networking made it' worth the $$ my company paid and I found another
resource for me when I run into a problem.

You can't base a persons competence on passing a test. I have run into
"expert" clients that have any mixture of certs. You need to put
together a base that allows you to know when you are being BS'd and
how to ask the pointed questions to root them out.

No matter what they say, its just a training experience. Certs are for HR.

Maudite
Senior Lead IT Auditor


On 5/31/06, xelerated <xelerated () gmail com> wrote:
> Good research.... alarming to say the least.
>
> I have a CEH cert. now im bummed.
>
> But I also took the class. I did like the class, and it did have some
> value for me.
> I dont regret taking it at all. It filled in a few gaps that I had.
>
> Makes me wonder about going after any others though.
>
>
>
> On 28 May 2006 05:56:45 -0000, adich71 () yahoo com <adich71 () yahoo com> wrote:
> > I came across these posts recently at a forum
> >
> >
> > There is more hype than substance in EC-Council.
> >
> >
> > Check this link https://esos.state.nv.us/SOSServices/AnonymousAccess/CorpSearch/CorpDetails.aspx?CorpID=429981
> >
> >
> > EC-Council or International Council of ECommerce Consultants is a Nevada incorporated company and has NO office in 
> New York as they claim. Pay them a visit and there is absolutely NOTHING there. Any enquiry called is always met with one 
> response - please email. Try checking their claims before you invest in their products
> >
> >
> > EC-Council had announced an university earlier this year at Wyoming. They claim the certifications would get credits 
> for their masters program. Its a diploma paper mill at best that will have its license revoked sooner or later as per the 
> legislature revoking all unaccredited programs. Check this link  http://legisweb.state.wy.us/2006/Digest/SF0069.htm
> >
> >
> > From their university website "EC-Council University is licensed by the State of Wyoming under Wyo. Stat. 21-2-401 through 
> 21-2-407 and neither the Department of Education nor the Wyoming State Board of Education has accredited or endorsed any course of 
> study offered by EC-Council University"
> >
> >
> > If you check their members list as well, you will realize that most of them are ficticious or hardly involved. 
> Renaming the only program they sell is not going to fool the government for long I guess.
> >
> >
> > Check this link http://www.eccouncil.org/cnda.htm and compare it with http://www.eccouncil.org/CEH.htm - Its the same 
> thing. What is the value for existing CEH if they are going to certify some of the candidates as CNDA?
> >
> >
> > Everything is the same. There is no alteration. Its not just money here... If some of us are going to be CEH and some 
> CNDA, wont one destroy the value of the other? They are out to squeeze every last drop of money they can - think about 
> it... To do LPT, you must have attended training. Check their website http://eccouncil.org/lpt/LPT-Course-Outline.htm
> >
> >
> > Look at the cost - 2500 USD and see what you get in return
> >
> >
> > Plaque with your name on it
> >
> > LPT License card
> >
> > Resource CD-ROMS
> >
> > LPT T-shirts
> >
> > LPT caps
> >
> > LPT Certificate
> >
> > LPT Lapel Pin
> >
> > Membership ID
> >
> >
> > The million dollar question - license for what???
> >
> >
> >
> > Why dont we go to archive.org to the wayback machine (as shown in CEH course) and look at EC-Council's site. ECSA / 
> ECSP/ ECAD / LPT / etc have been announced more than a year ago. Why are there no certifications coming out yet?
> >
> >
> > The funniest part is that nobody else claims LPT is prestigious - nor is there an industry demand or recognition. LPT 
> will grant you the license (to do what???). Please mail them and ask what the license stands for?
> >
> >
> >
> >
> >
> > ------------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Concerned about Web Application Security?
> > Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> > Choice Award from eWeek. As attacks through web applications continue to rise,
> > you need to proactively protect your applications from hackers. Cenzic has the
> > most comprehensive solutions to meet your application security penetration
> > testing and vulnerability management needs. You have an option to go with a
> > managed service (Cenzic ClickToSecure) or an enterprise software
> > (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> > help you: http://www.cenzic.com/news_events/wpappsec.php
> > And, now for a limited time we can do a FREE audit for you to confirm your
> > results from other product. Contact us at request () cenzic com for details.
> > ------------------------------------------------------------------------------
> >
> >
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to rise,
> you need to proactively protect your applications from hackers. Cenzic has the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request () cenzic com for details.
> ------------------------------------------------------------------------------


--

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------