A lot of people I know in IT are picking up certifications and I'm wondering if there's any equivalent for software engineers or product security engineers. I have vague memories of QE/QA certifications for ISO compliance, but a quick perusal of google and yahoo turns up nothing for security engineers.
The main reason I'm looking at certification is defensive -- I've been in one too many meetings where someone's opinion was given more weight because of industry certification or advanced degree. As product security and secure development gets more visibility in organizations, conflicts with IT (and other groups) start to happen over things like trusted development environments and product vulnerability escalation paths. It seems like everyone in IT has some sort of certification these days, and the certifications are sold to upper management as a method of knowing your employees have a certain level of knowledge. Of course, none of us in engineering have certifications. Those of us with formal education have degrees from a long time ago in an academic world very far away. Being the sort who'd rather not bring a knife to a gun fight, I figure I should start getting myself some walllpaper as well. Maybe I should just sit for the CISSP, or maybe get something like Sun's JCP or the IEEE CSDP and be done with it? Or maybe go the academic route and get a MS in CS? -- [EMAIL PROTECTED] pgp: 0xF5F84C8F, 7405 0143 B665 303D D2E8 4257 95AD F02F F5F8 4C8F
