Penetration Testing mailing list archives

Re: Security Testing Certifications (was Mile2 Training (Certifications))


From: Pete Herzog <lists () isecom org>
Date: Thu, 12 Jul 2007 10:53:41 +0200

Hi,

ps. Don't forget about the OSSTMM courses which are available now!!!

The ISECOM professional security tester and analyst courses (www.isecom.org) have been running over 6 years now and are now defined by the OSSTMM 3 methodology. So it isn't about ethical hacking or penetration testing but about the superset of security testing which includes elements of both as well as tests for compliance and the RAV metrics (you can see a video of me talking about this at FOSDEM - see http://video.fosdem.org/2007/FOSDEM2007-SecurityTesting.ogg - you might need to download VLC to watch it so if anyone wants to convert it or post it on a video sharing site like Youtube, that'd be mighty cool of you). This all prepares you for the comprehensive certification exam and requires that you be able to perform a security test to pass. So it is what we call an Applied Knowledge test which means it's not just about skill but about using what you know efficiently and precisely. Our reasoning for this is so those who get their OPST or OPSA do really know what they're doing for a full security test.

The certification program has been growing well but we never pushed hard in the US market. Now most Americans end up going to Canada and Mexico or even coming to Europe to get certified. We do now have a training partner again in the US and even an exam center too. See http://www.isecom.org/partners/training.shtml for details.

For those who don't know, ISECOM is an independent, open, non-profit organization with the mission to "make sense of security." We are well known for the OSSTMM and our security metrics but also operate and participate in many other projects like OpenTC (www.opentc.net). Our certification program comes from our research and has been defined by what is correct rather than by what makes for shiny marketing material. So you might find yourself feeling very enlightened and very satisfied by the experience even if you have a few years of experience under your belt as most people perpetuate mistakes and bad habits for years before passing them on to those they mentor.

And by the way, although we never really made a big deal publicly about it, you can grab the spreadsheet for the security metrics at the ISECOM website as well. Instructions on using it have been put into OSSTMM 2.2 available at www.osstmm.org.

Sincerely,
-pete.
