Re: InfoSec certification EC/BackTrack?



Hi,

Joseph McCray wrote:
No this is not a shameless plug from a guy that runs a security training
company.

I would say that you want to make sure that you have the background for
the job more so than the certs. I'm not saying that you shouldn't get
them - they do have quite a bit of merit especially considering that
people often doing the hiring really aren't very technical so the certs
will definitely get you an interview.

As often is the case, I find it difficult to disagree with Joe. But I think there is a small problem with work experience-- it's only good if the experience is NOT created by layers of bad information and security myths.

Many of the salty dogs of the security world today come from varied IT backgrounds because there were no security courses or certifications to stumble out of whenceforth one "sees the light". But unfortunately those who gained experience after the introduction of knowledge-based certifications were peppered with "best practices" which grew into myths as they were extrapolated into areas of IT security that they made no sense to be in or became outdated as technology advanced.

Certification, the skills kind based on solid security research and not general practices or a monster manual of tools and scripts (and yes I work for ISECOM so I'm differentiating here), can actually prove the practitioner has learned to tell security fact from fiction, a key element for any security employee.

And by the good kind, I'm referring to the OPST and OPSA... just in case some of you didn't catch that.

Sincerely,
-pete.

www.isecom.org

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



Relevant Pages

  • Re: RE: Value of certifications
    ... Getting an Alphabet-Soup of certs after your name shouldn't be a goal ... Even though I have certifications, none of them appear on my ... Trying to "break into the security field" isn't all that complicated. ... > "To ask a question is to show ignorance; not to ask a question, ...
    (Security-Basics)
  • Re: IT Manager to CISO
    ... I am currently running a PCI-DSS certified payment service provider and even though I have some certifications on my bag let me tell you about my experience ... The technical staff must be knowledgeable on security, ... Having certs helps but what really matters is experience and knowledge. ... Have a REAL firewall policy and prove that such FIREWALL policy does what is supposed to do. ...
    (Security-Basics)
  • RE: A question about certification and training
    ... I'd recommend getting as many of the CompTIA certs as you can (in between ... in for security job to have the Security+, as well as a Network+ (For ... try and focus on certs that relate to your career path. ... some people here at work got a lot of out the SANs security certifications. ...
    (Security-Basics)
  • accredited schools
    ... I think you hade to do the security training at grad schools because ... Some years spent at a decent school outnumbers any cert. ... Subject: CISSP-ISSMP ... You've got a B.S. in infosys, yet due to the certs, you have to go get them to break through the HR ...
    (Pen-Test)
  • Re: CISSP
    ... I really don't use Linux" from people that do security ... SecPros out there that use/code in Windows - most of the people that can ... certs REALLY helped me professionally, ... There are certifications and there are certifications. ...
    (Pen-Test)