From: Pete Herzog (pete@isecom.org)
Date: Sun Nov 09 2003 - 18:59:09 EST
> -----Original Message-----
> From: James Fields [mailto:jvfields@tds.net]
>
> Finally, the Intense School course teaches the OSSTMM methodology
> - in fact
> a large portion of class time is spent on this, and it provides the
> structure for what is done. They were doing an OSSTMM-based course before
> there was an official one sanctioned by ISECOM, and they do a good job
> covering it.
> >
I wrote the OSSTMM and I think you are very wrong about the ISECOM
sanctioned courses. No one taught an OSSTMM class before we did. The
officially sanctioned OSSTMM courses were taught in the UK as Ideahamster
(our original designation) in late 2001 at least a year before any other
course appeared on the horizon. In early 2002, I taught them in Spain.
Anyone teaching official OSSTMM courses should be offering OPST, OPSA, and
OPSS exams and you would see them listed on
http://www.isecom.org/partners.htm.
Our classes are based on OSSTMM 3.0 which has not been released yet to the
public (public version is 2.1). If any group has OSSTMM training materials
above 2.1 and they are not listed on our web page then they are either
stolen or fraudulent materials. And they are probably outdated as well as
ours update regularly to match the cutting edge OSSTMM versions and new
technologies. Additionally, our courses are verified in the La Salle
University Masters program to give them official university accreditation
(college credit).
Finally, officially ISECOM sanctioned courses would have nothing to do with
hacking as we focus our courses on performing practical, thorough, and
efficient tests and analysis for the security professional who has a job to
do. We are an unpopular course for those who want to play with tools and
techniques as we actually work you hard on less than 10 tools but show how
knowing just those 10 tools work will mean you can understand and use just
about any tool out there. See, we're not looking to be the hippest,
flashiest, and hackingest certifications. Our goals are different from that
and not as commercial. We drill our students (70% hands on) in techniques
that mean the best damn security test can be done in a measurable amount of
time.
Sincerely,
-pete.
Pete Herzog, Managing Director
Institute for Security and Open Methodologies
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_pen-test_031023
and use priority code SF4.
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:42 EDT