Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
RE: [Dailydave] Security Expert Certificates
From: Steve W. Manzuik (stevesecurity-sensei.com)
Date: Fri Mar 26 2004 - 12:46:46 CST
Other than looking good for clients. Most certificates are not worth the
paper they are written on. For example, here are some of my favorite
"certified person" quotes;
"I just got my MCSE+I and I am wondering how you can add users to a Windows
2000 Domain from command line"
CISSP: "What is the latest Linux kernel?"
OTHER: "2.6.4 is the lastest stable one"
CISSP: "Then why isn't my BSD box at that?"
CISSP: "Hey, I can't get this exploit to compile can you help me with it?"
OTHER: "Sure, lets see the code"
CISSP: "It is here on <insert web url here>"
OTHER: "Ummm, that is shellcode"
CISSP: "I know, I need it to do a reverse netcat but I cant get it to
compile. Can you compile it for Windows XP for me?"
OTHER: "Ummm, you can't compile that. It's shellcode."
CISSP: "Oh, ok you don't know then. I will ask someone else"
GIAC: "I can't get to the website."
OTHER: "Yes, it looks like there is an outage on <insert ISP router 8 hops
GIAC: "Well, we have to do something to fix this. This is unacceptable and
cannot happen in the future."
OTHER: "It is the Internet, what do you expect. We have no control over
some ISP in China"
GIAC: "I don't care who you need to call or what you have to do but fix it."
RHCE: "TCPDUMP is not sniffing"
RHCE/CISSP/many others: "You need a firewall around every system on your
network because that is a best practice. Practicle doesnt matter because it
is a best practice"
CISSP: "We need to do something to scare the client otherwise they won't
want to continue to use us"
CISSP while talking to a client: "Does your company really need to be
connected to the Internet? It is so insecure that you should consider doing
away with it enitrely."
I have so many more I could write a book...............
[mailto:dailydave-bounceslists.immunitysec.com] On Behalf Of Aviv Revach
Sent: Friday, March 26, 2004 5:24 AM
Subject: [Dailydave] Security Expert Certificates
I started thinking of taking some security exam in order to get
a security expert certificate. I surfed the net and came accross CISSP,
and other certificates (such as Ethical Hacking by InfoSec) which force you
to take a course..
I wonder if anyone here has one of these certificates and can
give me an advice whether it's worth anything..
If you have any recommendations regarding other certificates -
I would be glad to hear them.
Aviv Revach "