Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: InfoSec certification EC/BackTrack?
From: Pete Herzog <lists () isecom org>
Date: Wed, 05 Mar 2008 22:00:01 +0100
Hi,

Joseph McCray wrote:

No this is not a shameless plug from a guy that runs a security training
company.

I would say that you want to make sure that you have the background for
the job more so than the certs. I'm not saying that you shouldn't get
them - they do have quite a bit of merit especially considering that
people often doing the hiring really aren't very technical so the certs
will definitely get you an interview.
As often is the case, I find it difficult to disagree with Joe. But I think there is a small problem with work experience-- it's only good if the experience is NOT created by layers of bad information and security myths.
Many of the salty dogs of the security world today come from varied IT backgrounds because there were no security courses or certifications to stumble out of whenceforth one "sees the light". But unfortunately those who gained experience after the introduction of knowledge-based certifications were peppered with "best practices" which grew into myths as they were extrapolated into areas of IT security that they made no sense to be in or became outdated as technology advanced.
Certification, the skills kind based on solid security research and not general practices or a monster manual of tools and scripts (and yes I work for ISECOM so I'm differentiating here), can actually prove the practitioner has learned to tell security fact from fiction, a key element for any security employee.
And by the good kind, I'm referring to the OPST and OPSA... just in case some of you didn't catch that. 

Sincerely,
-pete.

www.isecom.org

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]