On 11/26/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > On Sat, 26 Nov 2005 09:52:13 +0530, R S said: > > > Hint: Compare how much of technical advancement has happened in the > > security field because of published GIAC papers compared to real > > technical papers coming out of academia. > > On the other hand, most companies are hiring people who understand how to > use *current* knowledge to secure things and help the bottom line, not do > research. > > When I take my car in to be serviced, the fact the mechanic has his sheet > on > the wall saying he's completed the vendor training on the engine, exhaust, > air conditioning, and brakes for my make of car tells me something. I > don't > need Enzo Ferrari fixing my fuel injection. > >
Yes. You are very right. But you are comparing getting a training from Cisco on Cisco router to getting a very general certification from Sans saying you are a security expert. If you are a qualified mechanic who work on different makes and models and you are hiring a car mechanic to work for you would you hire someone who can show they can do any job you throw at them or someone who just touts that they have a specific certificate from a specific vendor? As a non-technical car driver I may be impressed by seeing the certificate from the vendor on the wall. Again this may not be a good comparison because if you take automobiles there are enough nuances that are very specific to a make and model that you need training from the vendor to even know what's wrong. It should be the same way for security. If there is a cisco firewall protecting your network it may be nice to know that a person trained by cisco is setting it up rather than a "security expert" with a generic sans certification - though that should not be the only criteria because yor network is just not that cisco router. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
