Re: [fw-wiz] Certification ?

From: Paul D. Robertson (
Date: 06/19/04

  • Next message: Paul D. Robertson: "Re: Certification (was Re:[fw-wiz] Vulnerability Response)"
    To: Don Parker <>
    Date: Fri, 18 Jun 2004 18:25:15 -0400 (EDT)

    On Thu, 17 Jun 2004, Don Parker wrote:

    > All certs are not created equal. Have you yourself attempted a GIAC cert? I assure you it

    While they're all not created equal, there's lots of memorization, even
    for "practical" tests.

    > is no easy task, and it is most definitely not simply rote memorization. You are making
    > blanket statements just like the other much debated Ethical Hacking training thread. Some
    > are good and some are bad. It is as simple as that. Bottom line is go for a cert that has
    > a practical portion to it, vice simply a multiple choice exam.

    I've been trying to stay out of this- as my views haven't changed since
    the last sixteen million times we discussed this, but let's get this
    straight- bottom line is that we've still got way more cluefull
    non-certified people running around than make sense if certifications are
    supposed to mean anything. We also have way too many idiots with
    certifications running around- regardless of which certification it is.

    I know lots of people with GIAC and CISSP certifications who I don't
    consider to be anything but junior folks. Most of them, I wouldn't let
    secure my home network. Lots and lots of people go through the GIAC mill-
    many of them are disappointed by the entire process (I've heard quite a
    bit of complaining in the last 6 months that it's too easy and not at all
    rewarding a process, especially as a "take the training then test" thing.)

    Now, I've helped to create a purposefully junior certification, and I
    _know_ the process isn't easy- but from what I've seen of every
    certification process I've looked at in the last decade, only the original
    CCIE looked hard- I'm not sure how it is since they've split it up though.

    I still think we're mostly in a "if you need the cert, it's because you
    haven't done the deeds" mode- and as much as the certification folks try
    to address that, we're at a point where it just doesn't seem to be well

    Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact." Director of Risk Assessment TruSecure Corporation
    firewall-wizards mailing list

  • Next message: Paul D. Robertson: "Re: Certification (was Re:[fw-wiz] Vulnerability Response)"

    Relevant Pages