Re: InfoSec certification EC/BackTrack?

From: Joseph McCray (joe@learnsecurityonline.com)
Date: Tue Mar 04 2008 - 19:18:46 EST


No this is not a shameless plug from a guy that runs a security training
company.

I would say that you want to make sure that you have the background for
the job more so than the certs. I'm not saying that you shouldn't get
them - they do have quite a bit of merit especially considering that
people often doing the hiring really aren't very technical so the certs
will definitely get you an interview.

Speaking for myself when I'm looking at hiring new testers the things I
look for are:

1. Solid background in Operating Systems (Admin level experience in
Windows/*nix - preferably with some certs in this area such as an MCSE,
RHCE, SCSA, etc)
2. Solid background in Networking (Admin level experience - preferably
with some certs in this area such as a CCNA/CCNP)
3. Solid background in Programming (comfortable with languages like C,
Perl, Python, Ruby, SQL, etc - some documented work on an open source
project might be a good resume stuffer for this)

I just taught a CEH class last week and I had student that had worked as
a PC tech, Network Tech, and had a few years of programming under her
belt. She knew her TCP/IP pretty well, she was really familiar with DB
connection stuff, and dynamic web content so even though she really
didn't have the "HACKING" background per se should could read the source
code of exploits and tools, or read a packet capture and figure out what
was going on.

She understood session management, and SQL so cross-site scripting and
sql injection made sense to her.

So I'm not saying that any of the certs are bad, but I think it's way
more important to have that background, and the certs to back up your
experience.

At the end of the day you are interfacing with customers that are help
desk techs, system admins, network admins, DBAs, and programmers - and
your job is to tell them how to do their job better. So it really does
help if you have a solid background in their jobs.

How are you going to tell a CCNP with 3 years experience how to secure
his network without a really strong understanding of network protocols
and common configurations?

How are you going to tell a system admin with 5 or 6 years of experience
about the security of his workstations and what GPOs he should be
applying if you don't have that background?

How are you going to tell a web developer about writing secure queries,
and filtering HTML and script injection without that kind of background?

If you have 2 of the 3 (OS, Network, Programming) skillsets then you are
well on your way into our field. You don't have to be mad kung fu in all
3, but you really need to be able to comfortably interface with Admins,
and developers. That's the job...

As far as Offensive-Security's courses even though they are a competitor
I can honestly say - I've met muts, and I've seen his training
materials. It's not bad - put together pretty well, and if you really
understand and can literally DO all of the stuff in his courses then you
are at a good point by most pentester's standards.

I've seen the SANS stuff - it's not bad. SANS GIAC certs are pretty well
accepted in the Government, and Military security worlds. So although
they are expensive you do have the benefit that they are recognized.

Nothing is going to help you like having both the skill-set and the
certs though.

What I'd recommend that you do a site like dice.com and search for
"penetration test", and have a look at the skill-sets that employers are
looking for. I think you'll find that what I've said above will be
confirmed there in the job descriptions.

I hope this helps....

-- 
Joe McCray
Toll Free:  1-866-892-2132
Email:      joe@learnsecurityonline.com
Web:        https://www.learnsecurityonline.com
Learn Security Online, Inc.
* Security Games        * Simulators
* Challenge Servers     * Courses
* Hacking Competitions  * Hacklab Access
"The only thing worse than training good employees and losing them 
is NOT training your employees and keeping them." 
        - Zig Ziglar




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:26 EDT