-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
You mean of course GIAC (www.giac.org and www.sans.org), not GAIC. That is, unless You really want a security certification from the Great Australian Ice Creamery (www.gaic.com.au).
-&
- -------- Original Message -------- Subject: RE: [SC-L] certification for engineers/developers? Date: Tue, 22 Mar 2005 13:43:54 -0700 From: Edward Rohwer <[EMAIL PROTECTED]> Reply-To: Edward Rohwer <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>, <sc-l@securecoding.org>
Depending on where you want to go, defiantly look at the CISSP, or one of the GAIC cert.'s Software "engineering" is another subject entirely. Some people (a lot actually) would argue that SE's are not engineers at all, since they are not licensed by states or other governmental agencies like EE's or other professional engineers.
Ed. Rohwer CISSP
- -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of j eric townsend Sent: Tuesday, March 22, 2005 12:18 PM To: sc-l@securecoding.org Subject: [SC-L] certification for engineers/developers?
A lot of people I know in IT are picking up certifications and I'm wondering if there's any equivalent for software engineers or product security engineers. I have vague memories of QE/QA certifications for ISO compliance, but a quick perusal of google and yahoo turns up nothing for security engineers.
The main reason I'm looking at certification is defensive -- I've been in one too many meetings where someone's opinion was given more weight because of industry certification or advanced degree. As product security and secure development gets more visibility in organizations, conflicts with IT (and other groups) start to happen over things like trusted development environments and product vulnerability escalation paths. It seems like everyone in IT has some sort of certification these days, and the certifications are sold to upper management as a method of knowing your employees have a certain level of knowledge.
Of course, none of us in engineering have certifications. Those of us with formal education have degrees from a long time ago in an academic world very far away.
Being the sort who'd rather not bring a knife to a gun fight, I figure I should start getting myself some walllpaper as well. Maybe I should just sit for the CISSP, or maybe get something like Sun's JCP or the IEEE CSDP and be done with it? Or maybe go the academic route and get a MS in CS? - -- [EMAIL PROTECTED]
pgp: 0xF5F84C8F, 7405 0143 B665 303D D2E8 4257 95AD F02F F5F8 4C8F
- -- GPG key / Schlüssel -- http://simultan.dyndns.org/~arjones/gpgkey.txt Encrypt everything. / Alles verschlüsseln.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFCQOw2oI7tqy5bNGMRAn9xAKDSjlw0TMxYlkam3K9Ke8n0YnlX9gCfd1nM vuVX94hrJPFnyB174BnyuX4= =vHL/ -----END PGP SIGNATURE-----
