Re: Is there a scam in Security Certifications


Wyoming apparently has a problem with diploma mills. You can see it in this list:

Then there is this article which says:

_Board postpones private school license_ By JENNI DILLON
Star-Tribune staff writer Thursday, November 17, 2005

"EC-Council University will have to wait a while longer for a license to operate in Wyoming, the state Board of Education said Wednesday."

"...Colleen Anderson, who works in the department's finance office, said the department has concerns about the school's relationship with EC-Council, another corporation with the same owners that issues certificates in the same subjects and produces textbooks and curriculum. She said the department also is unsatisfied with financial documents provided by the university and about students who could misread implied claims of accreditation by the university."

There's nothing wrong with providing certification in a manner that proves a person's ability to do something outside of the university system. But diploma mills are a problem and an embarrassment for those who are caught with them:

I am afraid of possibly falsely marketed diplomas and even more scared of the people who buy them. In this socially and digitally networked world, we are all reliant on each other to what we say we can do. Lack of ability has caused many problems from small to grand ( over the years and as we need to depend on someone in a position knowing how to do his/her job. In security, maybe some of you think (oh it's only for testing web pages) but maybe that's just today. The pen tester today is in a good position to be tomorrow's transport security auditor, security manager, electronic health inspector, network medical technician, etc. The fact that there are so many security personnel out there with fictitious or fraudulent knowledge and ability (known or unknown to themselves) is a very scary thing to me.

You can look up info on diploma mills yourself:


This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@xxxxxxxxxx for details.