From: Nathan Sportsman (nsportsman@gmail.com)
Date: Mon Jul 31 2006 - 17:03:52 EDT
All of my fellow peers who have graduated with a B.Sc. in Computer
Science or Electrical Engineering from a reputable school have had no
problems finding positions at top tier companies with or without
experience or certifications. However, the majority of us did have an
interest in security and had voluntarily tied ourselves to various
projects over the course of our undergraduate education. Whether is
was as a contributor to an open source project, a frequent poster to
bugtraq, or an officer of the local ieee com chapter, we all had a way
to demonstrate our abilities technically and back it up. Experience
can come from a number of places and its up to you to show it. This is
especially true when you a recent graduate. In the end your
involvement in the community will speak for itself. That coupled with
an ability to breeze through any technical interview should be more
than enough to get you in the door of that first job (or at least it
was for my peers and I).
As for the CISSP, I took this certification a couple of years ago and
thought it was a complete joke. I thumbed through the material of one
of those prep books for a few hours the day before the exam and was
able to pass it no problem (its multiple choice by the way). Also if
you do have a degree that counts as one year of experience, so now you
only need another 3 years before you can take it. You could probably
pass it now though, it is not a difficult test. Anyone who says
otherwise is selling something, a nontechnical manager/hr rep, or not
very bright. That being said, I do still include this on my resume for
padding purposes as some jobs will not consider you unless you are
certified. However, as mentioned on this list that will only get you
through the HR recruiter. Once the interview moves on to second phase
and you meet with the technical lead of the group, this certification
will hold little to no value. What will count is your expertise and
experience which will be ascertained then. This also all really
depends on what you want to do. The research and development community
probably places the least value on certifications whereas consulting
and services probably places the highest value on certifications.
Thanks
Nathan Sportsman
On 7/31/06, Marc Munk <marc@pungloppen.dk> wrote:
> I'm facing the same problem as you do. I'v been looking into difference
> sans certifications because they don't require experience but they do
> give some hands on lab work at the training. Not to mention the
> possibility to take a gold level cert. by writing an assignment. But I
> don't have any security certs or experience in the area.
>
> -----Original Message-----
> From: ankur jindal [mailto:ankurjn113@hotmail.com]
> Sent: 31. juli 2006 05:53
> To: pen-test@securityfocus.com
> Subject: Re: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC
> Address Changer
>
> Hey everyone
> I am a fresh graduate just out of school with no industry experience of
> security, just academic work. I am looking for security work but almost
> all
> the positions in the pen-test area require n years of experience or a
> certification. Unless I start work in the security field and actually
> experience how things work I do not get the prereq experience to deserve
> the
> certification as per most. But again if I get a certification without
> any
> experience then that doesn't help either for others.
>
> What should I gather from this discussion then?
>
> Ankur
> ----------------
> >Not true. Certification can provide those lacking experience to show
> >ability and be an asset to an >organization in that particular field.
> So it
> >can show credibility where no experience exists. People >already do
> this
> >now looking to switch job descriptions, need to learn a specific aspect
> of
> >a job, seek to >enhance current ability, or to improve their
> marketability
> >for new jobs.
>
>
>
> ------------------------------------------------------------------------
> ------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the
> Analyst's
> Choice Award from eWeek. As attacks through web applications continue to
> rise,
> you need to proactively protect your applications from hackers. Cenzic
> has the
> most comprehensive solutions to meet your application security
> penetration
> testing and vulnerability management needs. You have an option to go
> with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service
> can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm
> your
> results from other product. Contact us at request@cenzic.com for
> details.
> ------------------------------------------------------------------------
> ------
>
>
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to rise,
> you need to proactively protect your applications from hackers. Cenzic has the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com for details.
> ------------------------------------------------------------------------------
>
>
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:28 EDT