Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Security Expert Certificates

From: "Steve W. Manzuik" <steve () security-sensei com>
Date: Fri, 26 Mar 2004 11:46:46 -0700
Other than looking good for clients.  Most certificates are not worth the
paper they are written on.  For example, here are some of my favorite
"certified person" quotes;
 
 
"I just got my MCSE+I and I am wondering how you can add users to a Windows
2000 Domain from command line"
 
 
CISSP:  "What is the latest Linux kernel?"
OTHER: "2.6.4 is the lastest stable one"
CISSP: "Then why isn't my BSD box at that?"
 
 
CISSP: "Hey, I can't get this exploit to compile can you help me with it?"
OTHER: "Sure, lets see the code"
CISSP: "It is here on <insert web url here>"
OTHER: "Ummm, that is shellcode"
CISSP: "I know, I need it to do a reverse netcat but I cant get it to
compile.  Can you compile it for Windows XP for me?"
OTHER: "Ummm, you can't compile that.  It's shellcode."
CISSP: "Oh, ok you don't know then.  I will ask someone else"
 
 
GIAC: "I can't get to the website."
OTHER: "Yes, it looks like there is an outage on <insert ISP router 8 hops
away here>."
GIAC: "Well, we have to do something to fix this.  This is unacceptable and
cannot happen in the future."
OTHER: "It is the Internet, what do you expect.  We have no control over
some ISP in China"
GIAC: "I don't care who you need to call or what you have to do but fix it."
 
 
RHCE: "TCPDUMP is not sniffing"
 
RHCE/CISSP/many others: "You need a firewall around every system on your
network because that is a best practice.  Practicle doesnt matter because it
is a best practice"
 
CISSP: "We need to do something to scare the client otherwise they won't
want to continue to use us"
 
CISSP while talking to a client: "Does your company really need to be
connected to the Internet?  It is so insecure that you should consider doing
away with it enitrely."
 
 
I have so many more I could write a book...............
 
 
 



  _____  

From: dailydave-bounces () lists immunitysec com
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Aviv Revach
Sent: Friday, March 26, 2004 5:24 AM
To: dailydave () lists immunitysec com
Subject: [Dailydave] Security Expert Certificates


Hi,
 
I started thinking of taking some security exam in order to get
a security expert certificate. I surfed the net and came accross CISSP,
SSCP,
and other certificates (such as Ethical Hacking by InfoSec) which force you
to take a course..
 
I wonder if anyone here has one of these certificates and can
give me an advice whether it's worth anything..
If you have any recommendations regarding other certificates -
I would be glad to hear them.
 
 
Best Regards,
Aviv Revach " 


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: