On Sun, 10 Dec 2000, opie san wrote:
[Disclaimer: I'm currently employed by TruSecure, but this is written
from my own personal opinion perspective on my own personal account on my
own time, not one iota of it has any offical stamp of anything
employer-related.]
> I've recently found out about a new (I think) set of certifications from
> ICSA that are geared towards network security. Since I work with FW's and
> soon, AntiVirus boxes, it seems like a good idea for me to get these certs.
They are indeed new. We're hoping that it _is_ a good idea for people to
get these. ;)
> However, not wanting to cloud the resume with a useless collection of
> alphabet soup certs, I thought I'd pose this question to the good folks that
> participate on this list. Have you heard of these certs and if so, what is
> the general consensus about their worthiness? The information about them
> can be found at the following address
> http://www.trusecure.com/html/secsol/peoplecert01.shtml
The program is really too new to have an overall feeling for how valid and
worthwhile they'll be seen from the perspective of the average employer,
but given the current environment it's difficult to see a case where
they're not taken well. [I'm not sure that the strength of the program has
much to do with that though...]
Certainly, we're hoping that given the continued input of respected
professionals in the community, they'll hold up well and provide
significant value.
> In looking them over, they seem pretty solid given the broad spectrum of
> security issues they cover. However, I have experienced that a cert is only
> as good as the company that gives it. I know about the Cisco and MS certs
> (Novell too) but they are all companies with a reputation in their industry.
> Getting certs from them means you have specific knowledge of their
> products. These ICSA certs are not vendor specific and seem to rest on the
> subject matter they cover rather than the company name. I know that ICSA is
> reputable for certifying security products but I hadn't heard about the
> people certs until a few weeks ago.
I've been vocally and consistantly critical of almost every certification
program in the IT arena. If ours end up being bad, I'll be even more
critical of them. More to the point, I'm willing to amplify others'
criticisms so long as they're valid issues.
> Mainly what I'd like to know in addition to the question I posed above is,
> would you, a group of network security professionals, give much weight to
> these certs if you saw them on a resume? I look forward to hearing/seeing
> your comments about this. Thanks for your help.
As I understand the program (and I'm certainly not the canonical authority
on the program by a long stretch), The first level is intended to be "what
any administrator should know about security", and as such probably won't
be a major differentiator for the secuity field, but hopefully will be for
the non-security field. The other two should be significantly more
important to the security field at large, but it's difficult to provide an
idea of how well they'll be received at this stage in the game.
Certainly they're intended to be vendor-neutral and even AFAIK
trainer-neutral. That is, the idea isn't to provide certificate mills
with the oppertunity to sell another chunk of the alphabet, it's to
measure real knowlege and actual learning. That's a pretty difficult
target to achieve well, and we'll have to see how it goes. We will
(and do) have training partners, and I don't know how any of them intend
to position any of this. The idea that core security information should
be a part of any administrator's job is in the "preaching to the chior"
realm here, but it's surprising how many folks don't have even a basis of
it who've been working for a long time in the IT field. Having a
benchmark that doesn't require living in a major metropolitan area is
something that some people find important.
We're going to be putting a significant effort into this, and it's _not_
considered a significant revenue stream. It's a logical extension of our
core business of certifying things that are security related. We don't
sell training just like we don't sell security devices. AFAIK, it's not
even meant to compete with current certification programs by others in
the industry. We are trying to get things to the point where it's easier
for all of us to find people who have a clue, and also to try to drive
normal non-security administrators to at least have a baseline of knowlege
when they're administering systems and networks.
In any case, at least if the program doesn't live up to my expectations, I
can whine loudly at all the right people. ;) Poor Fred's already seen
the dreged up leavings of the last really good certification rant from
Firewalls that I dug out of an archive.
I'm particularly interested in thoughtful discussion of the base idea of
the program and if it holds water. Off-list is definitely best, since
it's tangental to firewalls and has a specific company's slant.
Thanks,
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
