Re: [fw-wiz] Certification ?

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 06/19/04

  • Next message: Paul D. Robertson: "Re: Certification (was Re:[fw-wiz] Vulnerability Response)"
    To: Don Parker <dparker@rigelksecurity.com>
    Date: Fri, 18 Jun 2004 18:25:15 -0400 (EDT)
    
    

    On Thu, 17 Jun 2004, Don Parker wrote:

    > All certs are not created equal. Have you yourself attempted a GIAC cert? I assure you it

    While they're all not created equal, there's lots of memorization, even
    for "practical" tests.

    > is no easy task, and it is most definitely not simply rote memorization. You are making
    > blanket statements just like the other much debated Ethical Hacking training thread. Some
    > are good and some are bad. It is as simple as that. Bottom line is go for a cert that has
    > a practical portion to it, vice simply a multiple choice exam.

    I've been trying to stay out of this- as my views haven't changed since
    the last sixteen million times we discussed this, but let's get this
    straight- bottom line is that we've still got way more cluefull
    non-certified people running around than make sense if certifications are
    supposed to mean anything. We also have way too many idiots with
    certifications running around- regardless of which certification it is.

    I know lots of people with GIAC and CISSP certifications who I don't
    consider to be anything but junior folks. Most of them, I wouldn't let
    secure my home network. Lots and lots of people go through the GIAC mill-
    many of them are disappointed by the entire process (I've heard quite a
    bit of complaining in the last 6 months that it's too easy and not at all
    rewarding a process, especially as a "take the training then test" thing.)

    Now, I've helped to create a purposefully junior certification, and I
    _know_ the process isn't easy- but from what I've seen of every
    certification process I've looked at in the last decade, only the original
    CCIE looked hard- I'm not sure how it is since they've split it up though.

    I still think we're mostly in a "if you need the cert, it's because you
    haven't done the deeds" mode- and as much as the certification folks try
    to address that, we're at a point where it just doesn't seem to be well
    addressed.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Paul D. Robertson: "Re: Certification (was Re:[fw-wiz] Vulnerability Response)"

    Relevant Pages