The difference being when they screw up they might lose their
license and can't practice anymore. When we screw up we just have to
find clients who haven't heard of us. Not sure if that argument is
sufficient to justify licensing but figured I'd at least clarify the
distinction.
Sent from my Verizon Wireless BlackBerry
-----Original Message-----
From: "Shenk, Jerry A" <jshenk () decommunications com>
Date: Thu, 18 Dec 2008 19:31:43
To: pen-test list<pen-test () securityfocus com>
Subject: RE: My Frustrations
Is being licensed really all that different from certified? I don't
know too many teachers but I know a couple really lousy ones and every
couple days, I hear some horrible story about a teacher who had sex
with
a student or.... There are bad examples in the medical profession too
and they're all licensed. And drivers...they all have licenses. My
town requires plumbers and electricians to be licensed and they also
require that one of those guys who is playing the system review my
work
if I want to do something myself. I'll bet we can all come up with
electrical and plumbing stories.
No, I don't think licensure is the answer. I think personal
responsibility both from the practitioner and the one needing the
service (or the checkbox;) is what's really needed.
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com
]
On Behalf Of Sat Jagat Singh
Sent: Thursday, December 18, 2008 6:54 PM
To: pen-test list
Subject: Re: My Frustrations
Having read your blog post, I would say that I share some of these
frustrations. But many organizations are really only trying to cover
their asses and put a check in the box to say that, yes we got an
assessment done to satisfy the letter of the regulations. These are
companies that are more concerned about the cost of the project than
the
actual security. While such people tend to get what they deserve, it
does create a negative reputation for the profession as a whole.
Yes, I do think it is a "profession", but we have not
"professionalized"
ourselves by requiring licensing. The industry reliance on
certification rather than licensing as a credential somewhat serves to
muddy the waters because the decision makers hiring security
consultants
don't really know what a given certification covers. We could debate
the value of different certifications until the cows come home but I
don't want to insult anyone and we can probably agree that too many of
them do not guarantee that the holder has real qualifications and the
security unsavy will never really know how to evaluate that. More and
more I lean toward some form of professional licensure. One of the
states will have to move in this direction before a serious debate
about
it will be opened. Until then, caveat emptor.
--- On Wed, 12/17/08, Adriel T. Desautels <ad_lists () netragard com>
wrote:
From: Adriel T. Desautels <ad_lists () netragard com>
Subject: My Frustrations
To: "pen-test list" <pen-test () securityfocus com>
Date: Wednesday, December 17, 2008, 11:19 AM
I recently wrote this blog entry and wanted to get some
comments from readers of this list. I'm frustrated with
the caliber of the people that are offering security
services and posing as experts, thats the subject of the
post. Please comment, insult, whatever... I'm
interested.
http://snosoft.blogspot.com/
Adriel T. Desautels
ad_lists () netragard com
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
**DISCLAIMER
This e-mail message and any files transmitted with it are intended
for the use of the individual or entity to which they are addressed
and may contain information that is privileged, proprietary and
confidential. If you are not the intended recipient, you may not
use, copy or disclose to anyone the message or any information
contained in the message. If you have received this communication in
error, please notify the sender and delete this e-mail message. The
contents do not represent the opinion of D&E except to the extent
that it relates to their official business.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
Intro
