Re: Is there a scam in Security Certifications



Hi,

Wyoming apparently has a problem with diploma mills. You can see it in this list:

http://www.k12.wy.us/F/psl/degree.html

Then there is this article which says:

_Board postpones private school license_ By JENNI DILLON
Star-Tribune staff writer Thursday, November 17, 2005

"EC-Council University will have to wait a while longer for a license to operate in Wyoming, the state Board of Education said Wednesday."

"...Colleen Anderson, who works in the department's finance office, said the department has concerns about the school's relationship with EC-Council, another corporation with the same owners that issues certificates in the same subjects and produces textbooks and curriculum. She said the department also is unsatisfied with financial documents provided by the university and about students who could misread implied claims of accreditation by the university."

http://www.casperstartribune.net/articles/2005/11/17/news/casper/9376670ca7785260872570bc00068e27.txt


There's nothing wrong with providing certification in a manner that proves a person's ability to do something outside of the university system. But diploma mills are a problem and an embarrassment for those who are caught with them:

http://www.reason.com/0501/fe.ps.cut.shtml

I am afraid of possibly falsely marketed diplomas and even more scared of the people who buy them. In this socially and digitally networked world, we are all reliant on each other to what we say we can do. Lack of ability has caused many problems from small to grand (http://www.wired.com/wired/archive/14.06/start.html?pg=9) over the years and as we need to depend on someone in a position knowing how to do his/her job. In security, maybe some of you think (oh it's only for testing web pages) but maybe that's just today. The pen tester today is in a good position to be tomorrow's transport security auditor, security manager, electronic health inspector, network medical technician, etc. The fact that there are so many security personnel out there with fictitious or fraudulent knowledge and ability (known or unknown to themselves) is a very scary thing to me.

You can look up info on diploma mills yourself:

http://www.web-miner.com/deunaccredited.htm

http://www.degree.net/html/diploma_mills.html

Sincerely,
-pete.


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@xxxxxxxxxx for details.
------------------------------------------------------------------------------



Relevant Pages

  • Re: Will the real hacker please stand up and raise their hand
    ... security concepts, but cannot run a sniffer to save their life, ... Subject: Hackers and Employment ... managed service or an enterprise software ... Download FREE whitepaper on how a managed ...
    (Pen-Test)
  • Re: Pentester convicted..
    ... and thus politely forcing them take responsibility for the protection of privacy of the data they carry. ... and ignored the first 2 reports. ... A security pro notices a flaw, checks to make sure he is not on crack ... Download FREE whitepaper on how a managed service ...
    (Pen-Test)
  • Re: [lists] Re: What to spend on a pentest
    ... Only the vulnerability test needs to be performed by a visa certified vulnerability tester. ... You'll notice the annual pen-test requirement in 11.3 doesn't specify that ... > Officer Information Systems Security infosysec.net ... You have an option to go with a managed service (Cenzic ...
    (Pen-Test)
  • Re: What is being a pen tester really like?
    ... network architecture, security awareness, etc. ... >> What I would like to know is what is being a pen tester really like? ... As attacks through web applications continue to rise, ... Download FREE whitepaper on how a managed service can ...
    (Pen-Test)
  • Re: Licensed Penetration Tester LPT
    ... Subject: Licensed Penetration Tester LPT ... Expert in Security Policy Assessments ... applications continue to rise, ... how a managed service can ...
    (Pen-Test)