RE: Now I truly have seen EVERYTHING!!



Yep, requiring PM isn't as strange as you might think. Pentesting ends up being a lot of mini-project management by the time you take everyone's input into what questions need to be answered (who / what are you trying to protect against?) and manage their expectations for contact and deliverables.

It is a bit strange to require both in the same person, but I can definitely see the value in knowing how to handle larger projects and do security testing...


jcran

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of
Bobby.Clarke@xxxxxxxxxxxxx
Sent: Tuesday, August 25, 2009 4:35 PM
To: listbounce@xxxxxxxxxxxxxxxxx; Pentest
Subject: Re: Now I truly have seen EVERYTHING!!

If the organization uses a PMO to manage projects and follow a
particular
project management methodology this makes sense. We have worked with
several major security organizations whose staff were PMP certified
along
with CISSP and GIAC certifications.

Bobby Clarke CISSP, GSEC, GCIH, GSAE





Jon Kibler <Jon.Kibler@xxxxxxxx>
Sent by: listbounce@xxxxxxxxxxxxxxxxx
08/24/2009 03:13 PM
Please respond to
Jon.Kibler@xxxxxxxx


To
Pentest <pen-test@xxxxxxxxxxxxxxxxx>
cc

Subject
Now I truly have seen EVERYTHING!!






-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was scanning through Dice looking for a new pen testing gig and came
across this:

http://seeker.dice.com/jobsearch/servlet/JobSearch?op=302&dockey=xml/c/
0/c00ff435b99c8c09afa2fd2244437289@endecaindex&source=19&FREE_TEXT=%22p
enetration+test%22+CEH+GIAC+hacker&rating=99


For a Security Architect / Pen Tester gig, they want PMP
certification?? I
guess
they must now include a lot of security requirements to become a
certified
project manager!

What next?

Jon K
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924 (NEW!)
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqSbWsACgkQUVxQRc85QlMWlQCfSmiJQXcqOSoScE6yGjdAeGre
z6oAoIfWRbJWWNtYqdYTB0U7KXNJi1q6
=UBud
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.


-----------------------------------------------------------------------
-
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a
full practical examination in order to become certified.

http://www.iacertification.org
-----------------------------------------------------------------------
-


-----------------------------------------------------------------------
-
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
-----------------------------------------------------------------------
-



Relevant Pages

  • Risks Digest 24.59
    ... ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ... Workshop on Web Security, ... FDA - MedWatch - Medical Device Safety - Change in Daylight ... Subject: REVIEW: "FISMA Certification and Accreditation Handbook", ...
    (comp.risks)
  • RE: CISSP-ISSMP
    ... the materials and touched the technology. ... trough a certification process and get certified. ... I am proud to be a certified security professional:) ... Certs are sort of new to the scene. ...
    (Pen-Test)
  • RE: CISSP-ISSMP
    ... management say "that's nice", and move on. ... education, certification, experience, know-how, abilities, and ... Many 'security jobs' are nothing shy than that of an overly glorified ... Download FREE whitepaper on how a managed service ...
    (Pen-Test)
  • Re: Pentesting lab
    ... Metasploit is a professional tool so I'd like to ask Woman to come ... Prove to peers and potential employers without a doubt that you can ... Information Assurance Certification Review ...
    (Pen-Test)
  • [Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #649 - 5 msgs
    ... Firewall disablers ... Send Full-Disclosure mailing list submissions to ... RE: Security Certifications ... Security Certification Consortium has developed and released a potentially destructive trojan application, which masquerades as a valid standard for professional certification in the field of information security. ...
    (Full-Disclosure)