, 2005-03-28
Recent changes to the GIAC makes one question the value of certification for the security industry.
Expand all |
Post comment
Practical Certifications
2005-03-29
John H. Sawyer (5 replies)
John H. Sawyer (5 replies)
Practical Certifications
2005-04-06
Slade (1 replies)
Slade (1 replies)
Worthless Certifications compared to College
2005-04-08
Anonymous, NCN (No-Certs-Needed) (2 replies)
Anonymous, NCN (No-Certs-Needed) (2 replies)
I think that the recent move by sans, http://www.sans.org has really created a stir in the security community, and validates something I have not only observed, but also been in the middle of, and one of the reasons why I like college over certificates. At least in college you have to prove you have a clue, not just take a test and be a ?security professional?. I have seen some really amazing contra ethical behavior out of paper cred folks, like CISSP, and the security community suffers greatly for it. We are all tarnished by the lowest common denominator, and as is it, we are meat at this point, and we will be judged by that lowest common denominator.
I have met that lowest common denominator and they worry the heck out of me, because they are not informed, and not ready to work in this industry. They will cause harm on a massive scale, and are causing harm on a massive scale, and will continue to do so.
The decision by sans to do away with the practical has really bothered people all over the industry.
I have been fortunate to see people with certificates with skills, but the thing that I was worried about, the dilution of the industry by people with no practical skills, but certificates to their name. I really did not want security go the way of the MCSE of 1999. But then the money ($) object has taken over, and our industry is going to be hugely discredited by people with certificates, but don?t know about the industry, understand the technology, or understand why the things work the way that they work.
Therefore, we will go through the ?Boot Camp? CISSP, GCIA, the industry will become diluted with paper creds, and those that really understand this or know the way that things work, will be drowned out in the crowd of paper people. Therefore, in about a year, CISSP and GC creds will be worthless. So all those who started out with CISSP in 1999 when I first heard of it, its been a good ride, but the tide has turned, time to come up with some new cred that is harder to get and more meaningful in the longer run. OSCOMM will be about the only serious one left.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/311/31210#31210