Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer
From: "Nathan Sportsman" <nsportsman () gmail com>
Date: Mon, 31 Jul 2006 16:03:52 -0500

All of my fellow peers who have graduated with a B.Sc. in Computer
Science or Electrical Engineering from a reputable school have had no
problems finding positions at top tier companies with or without
experience or certifications. However, the majority of us did have an
interest in security and had voluntarily tied ourselves to various
projects over the course of our undergraduate education. Whether is
was as a contributor to an open source project, a frequent poster to
bugtraq, or an officer of the local ieee com chapter, we all had a way
to demonstrate our abilities technically and back it up. Experience
can come from a number of places and its up to you to show it. This is
especially true when you a recent graduate. In the end your
involvement in the community will speak for itself. That coupled with
an ability to breeze through any technical interview should be more
than enough to get you in the door of that first job (or at least it
was for my peers and I).

As for the CISSP, I took this certification a couple of years ago and
thought it was a complete joke. I thumbed through the material of one
of those prep books for a few hours the day before the exam and was
able to pass it no problem (its multiple choice by the way). Also if
you do have a degree that counts as one year of experience, so now you
only need another 3 years before you can take it. You could probably
pass it now though, it is not a difficult test. Anyone who says
otherwise is selling something, a nontechnical manager/hr rep, or not
very bright. That being said, I do still include this on my resume for
padding purposes as some jobs will not consider you unless you are
certified. However, as mentioned on this list that will only get you
through the HR recruiter. Once the interview moves on to second phase
and you meet with the technical lead of the group, this certification
will hold little to no value. What will count is your expertise and
experience which will be ascertained then. This also all really
depends on what you want to do. The research and development community
probably places the least value on certifications whereas consulting
and services probably places the highest value on certifications.

Thanks
Nathan Sportsman

On 7/31/06, Marc Munk <marc () pungloppen dk> wrote:
I'm facing the same problem as you do. I'v been looking into difference
sans certifications because they don't require experience but they do
give some hands on lab work at the training. Not to mention the
possibility to take a gold level cert. by writing an assignment. But I
don't have any security certs or experience in the area.

-----Original Message-----
From: ankur jindal [mailto:ankurjn113 () hotmail com]
Sent: 31. juli 2006 05:53
To: pen-test () securityfocus com
Subject: Re: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC
Address Changer

Hey everyone
I am a fresh graduate just out of school with no industry experience of
security, just academic work. I am looking for security work but almost
all
the positions in the pen-test area require n years of experience or a
certification. Unless I start work in the security field and actually
experience how things work I do not get the prereq experience to deserve
the
certification as per most. But again if I get a certification without
any
experience then that doesn't help either for others.

What should I gather from this discussion then?

Ankur
----------------
>Not true. Certification can provide those lacking experience to show
>ability and be an asset to an >organization in that particular field.
So it
>can show credibility where no experience exists. People >already do
this
>now looking to switch job descriptions, need to learn a specific aspect
of
>a job, seek to >enhance current ability, or to improve their
marketability
>for new jobs.



------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's
Choice Award from eWeek. As attacks through web applications continue to
rise,
you need to proactively protect your applications from hackers. Cenzic
has the
most comprehensive solutions to meet your application security
penetration
testing and vulnerability management needs. You have an option to go
with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service
can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your
results from other product. Contact us at request () cenzic com for
details.
------------------------------------------------------------------------
------



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault