Penetration Testing mailing list archives

Re: OSCP


From: NeZa <danuxx () gmail com>
Date: Thu, 18 Dec 2008 16:20:54 -0600

Always the same discussion, why CISSP?
People say CISSP Sucks!!!!

What is funny is that the people who hate CISSP are not CISSP ... jajajaja.

It is all about money, but there are two kinds of people:

a) "Inmortales" (Spanish word)
The ones who do not need any certification because of their talent and
demonstrated skills. Like: HD Moore, Dave Aitel, Cesar Cerrudo, Matt
Miller (skape), Daniel Regalado (me... jajajajajjajaa), and so on.

These guys do not need to show a CISSP or any other security related
cert to get a job or project.

b) "Mortales" (Spanish word):
The remaining people, hahaha!!!!

We all need to get those kinds of certifications to get a good job. I
just got hired here in the USA because of those different credentials,
so... thanks isc2, thanks Mati Aharoni, thanks BSI Global jajajajajaja

We all need an opportunity to show our skills, but these certs are the
key to demonstrate what we can do, otherwise you get cut in the first
filter while trying to get a job when the employer says: CISSP
Required!!!!!!!!!


My 2 cents!!!!!!!


On Thu, Dec 18, 2008 at 1:53 PM, Wolf <wolfiroc () earthlink net> wrote:

I've been in the business for 24 years and hold 5 certifications, 4 of which I hold in more value than the CISSP.

The only reasons I hold a CISSP are:
Company paid for the whole thing - Bootcamp and Test
Company paid bonus for CISSP.

I have seen a number of CISSPs who are not qualified, and this reinforced my opinion that "great testers can pass a test".


-----Original Message-----
From: jfvanmeter () comcast net
Sent: Dec 18, 2008 6:34 AM
To: pen-test () securityfocus com, pen-test-return-1078487582 () securityfocus com
Subject: Re: OSCP

I've followed the post for some time, and I finally felt the need to jump in and share my 2 shiny centavos.

I don't believe you need to have a cert to be committed to the "trade". I've worked in security for 20 years and I don't have any certs and I'm very committed to security. I've worked with Solaris, Novell, Windows, DEC, DG, etc. and I've seen security from many different angles and shades.

I believe certs demonstrate that a person has the ability to learn, but I feel that it should be backed with experience.

If you're looking for items to put on your resume, so when some HR person does a search you pop to the top of the list, I'm sure it works.

This is OMHA

//John
"When the legend becomes fact, print the legend."


-------------- Original message ----------------------
From: "JB" <pentest () jitonline net>
I hold both a CISSP and an OSCP... here is why:

The CISSP does not claim technical competence... it means that
1. The holder knows at least a little about each of the 10 domains and has
proved it
2. That the holder is committed to continuing security education
3. The holder has held some role with security responsibilities for at
least 3-4 years

It is an easy way to weed out people who are actually willing to put in
the time on security and really have the interest.

A CISSP is NOT a technical certification

The OSCP is a certification that demonstrates that the holder at least has
a semblance of a clue how to use common security tools. To pass the OSCP,
you actually have to PERFORM a penetration test - that means get SYSTEM or
root on multiple machines using only the basic tools (Nessus, Core Impact,
etc are not permitted, and the vulnerabilities do not have Metasploit
modules written for them). It is not a point and click certification. That
being said... you do not have to be the most skilled hacker to get
certified.

So why certify? Certification demonstrates active commitment to the
trade... not that the holder is the most worthy candidate for a job. That
is what the interview and recommendations are for!!! When I interview a
candidate for employment, I tend to ask situational questions to assess
whether the person before me actually knows what he is talking about, or
pulling it out of his a$$. I also ask the candidate to discuss challenges
that he has faced in his performance of security duties (and we have all
faced challenges). In the end, I will make my decision based not solely on
a certification. That being said... if I have two EQUALLY qualified
candidates (experience, interview, etc match up closely), then yes -
certification may become a tie breaker as the one who has spent the
additional time to obtain and maintain the certification shows a stronger
commitment to security.

JB


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------








-- 
Daniel Regalado aka NeZa
Hacker Wanna Be from Nezahualcoyotl

www.macula-group.com
