2002-10-23
As security certifications become more plentiful, they are losing their real value.
Certifiably Certified
2002-10-23
Anonymous (3 replies)
Whole lot of useless words
2002-10-24
Anonymous (2 replies)
Certifiably Certified
2002-10-25
LittleW0lf (1 replies)
Certifiably Certified
2002-11-05
Bob Radvanovsky, Certified Technological Sanitation Disposal Engineer (CTDSE)

What does this translate to? If you don't meet 'XYZ requirement', throw it out.
I agree with the CISSP who spoke anonymously. I understand the creed that he/she signed to *become* a CISSP; however, if you want to speak up, speak with your REAL name, instead of hiding behind a mask. There are also quite a number of non-certified 'security professionals' out there who are trying to convince management of Corporate America that their solution is the best.
Let me use a really *good* marketing ploy that worked for almost 3 years: intrusion detection systems, also known as "IDS". Do they really work? In certain, carefully designed and monitored environments -- 'yes'. In most corporate environments -- because some manager needed to have it in 3 weeks early because their Christmas bonus was in jeopardy -- 'no'. The reason? Management in Corporate America fell prey to the 'Chicken Little' problem of the sky falling when in fact, it may or may not have. Secondly, placing IDS into working environments may have hindered those environments even further (I can recite in greater detail, but non-disclosure agreements prevent me from doing so) by (if you can imagine this) 'broadcasting' internal network addresses outside through improperly configured tunneling mechanisms and poor security monitoring packages. Hackers simply have to wait at the doorway, and wait for the next available time when the door swings wide open.
Or this scenario -- placing IDS blindly has caused increased amounts of excessive network traffic to bog down current production environments. In some cases, the increase was significant enough because of 'ghosting' and 'false positives'.
All of this because management believed in a fast-talking, sweet smelling sales rep who represented themselves from a 'security professional consulting company' or 'security software company' or 'security hardware company'. In several of these instances, what happened was that everything was backed out completely, and is currently waiting for a revamp when funding becomes available. And that may be a while, too...
And these instances were performed by *certified* 'security professionals', too!
Care to tackle this topic a bit further???? ;)