Penetration Testing mailing list archives

Re: Federally Mandated Certification of cybersecurity professionals?


From: Pete Herzog <lists () isecom org>
Date: Tue, 14 Apr 2009 15:55:53 +0200

Hi,

> The field evolves far too quickly for it to be possible to create any
> meaningful technical exam and apply it across the entire
> InfoSec/CyberSecurity/bureaucratic buzzword of the day industry.  The

I don't think the question here is just one of technology. Since the changes (I'd need a good argument to call many of them "advances") do occur at a fast pace even if just to have a market differentiator, it would not have to be a technical exam in the way of knowing all the latest buzzword technology. It's not necessary outside of any type of specialization.

> Security field is expanding by leaps and bounds due to government
> mandates and increased security awareness among business leaders which
> means you need tens of thousands of young people with nothing but a
> college degree and maybe a security+ coming into the industry every
> year.  The best you can hope for is a thorough non-technical exam such
> as what we already have in the CISSP to verify that someone at least
> knows the nomenclature required to discuss the subject at hand.

That would be a bad idea because you would then be arming them with security trivia to what-- talk the systems into giving up their problems? I am biased because I know there can be strong, technical certification based on field and specialty. We designed the OPST to be specific to the security tester, the OPSA to be specific to the security analyst, and the OWSE to be specific to spectrum (aka wireless) analysts. All are technical in regard to proving a certified person is capable of efficiently working with technical systems and getting meaningful and accurate results. Many times the "new" technology does not change much in the way of how these professionals operate. For example, an OPST is as capable of testing the latest in cloud computing as they are of testing old-school infrastructure. It is not because all these things are covered but that they are taught how to apply a formal methodology to any type of test by learning how they need to understand the underlying technology.

Sincerely,
-pete.
