Re: CREST or TIGER?

[Danny Fullerton <dfullerton () mantor org>]

Hi Craig,


look like you misinterpreted most of what I said or somehow, I did not 
explain myself enough clearly. So let me rephrase.

"penetration1_googlemail.com" talked about being taken seriously and I 
was arguing that certification and studies was not what I use to make an 
opinion on competency level among security professional. I never said it 
was crap. My own experiences prove certifications/studies were 
absolutely not a perfect match with people competency. In your case, the 
hole thing (publications, books, certifications, etc) would prove to 
anyone you have large and proven competency. Your case is quite 
different from the one who only did one or two certs and nothing else 
really related to security.

As I said, I found certifications and studies really useful when dealing 
with external people. It's not a perfect and/or always fare system but 
it do help external people unable to measure themselves security 
professional competency (clients, RH, etc). I guess a better system 
would have to be free and complex while covering every aspect of 
security professional abilities in order to be a really effective 
measurement program. But I doubt this could ever be done.

Everything I said was without any pretension and signed has being my own 
opinion. Still, for all those reason, my opinion does not change. My 
only hope is to make the latest understood correctly.

---
Danny Fullerton
Founder
Mantor Organization


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------