Dan Kaminsky wrote:
> On Wed, Sep 23, 2009 at 6:28 AM, Paul Ferguson <[email protected]> wrote:
>> On Tue, Sep 22, 2009 at 8:56 PM, Dan Kaminsky <[email protected]> wrote:
>>
>>> I'm rather less concerned about 'presidential kill switch' and much
>>> more concerned about 'security consulting illegal in undefined
>>> contexts unless undefined certifications are maintained'. What if it
>>> was illegal to hire anyone who could actually find a problem?
>>>
>> Then the criminals (and terrorists and whomever) win.
>
> Yes. Those of us who have a problem with the criminals and terrorists
> and whomever winning should probably stop worrying about some in
> extremis provision that'll never be triggered and worry more about the
> part where some certification authority can fire you.

<rant>

I don't have a problem with certification, per se. The problem I have is
with the specific certification most likely to be required: CISSP.

The majority of the CISSPs that I have had to interview for various IT
Security jobs are totally clueless -- especially if that is the only
certification that they have.

Let's face it, CISSP should not be considered a security certification.
Rather, it should be considered a management certification -- something
that says "I at least understand all the security buzzwords, but I
probably can't do anything real in security."

IMHO, *any* certification that does not require a *hands-on* skills
examination (e.g., CCIE, RHCE, OSCP) is worthless, proving only that you
are capable of memorizing information.

We have too many people in our industry today who have a piece of paper
that declares that they are an expert, but are totally incapable of doing
any real security work. (Just look at the number of companies selling a
Nessus or nmap scan as a "penetration test" -- "we are highly qualified,
we are CISSPs.")

</rant>

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
