The Value of Certifications
Written by oleDB   
Thursday, 17 May 2007

After reading a very spirited, informative discussion on this topic over at SecurityFocus, I decided to throw my own hat into the ring. I want to expand on several relevant topics.

1 - Certifications are a joke - A certification alone, without experience, is typically not worth that much in the real world. It proves that the candidate can pass a test, often having the questions in advance (see Testking/ActualTests). All it really guarantees is that the candidate has some basic knowledge of the subject. Even the certs with experience requirements are pitiful, due to the fact that they do not audit every candidate. And if they did, there's always a chance they lied, like most people do on their resume.

2 - Certifications are necessary - Until the HR machine is overhauled, you cannot afford to not have certifications. Unless you have a good contact in the company, most non-certified individuals will be screened out by the non-technical HR employee, who basically knows keywords. I also think that if you're very specialized, like on a certain product or field, having one of the more advanced certs could be very rewarding financially. Also, on the opposite end of the spectrum, having certs in several different areas, like various OSes, networking, security, etc., can show that you're pretty versatile.

3 - Experience is still king - Despite the fact that you have a lot of "enhanced" resumes out there, experience is still the most important factor in deciding whether or not a candidate will be successful. A good track record of completing projects, troubleshooting, implementing, etc., along with personal references from those jobs, is still the best indicator that I've seen. Granted, you need to do a fair amount of vetting via the technical interview, but I still think it's what employers should put more emphasis on versus certifications.

In conclusion, I would like to state that I don't think it's possible for anyone to argue that the current certification system we have is not broken on multiple levels. We have hiring managers without a clue. We have money-grubbing, so-called experts selling us mediocre certifications. In short, we all have to take responsibility for fixing it. Whether it's done by educating people about the dangers of paper-only certified employees or by designing a new system, something needs to be done.


Last Updated ( Monday, 01 October 2007 )
 
Hidden dangers of the Security CON
Written by oleDB   
Monday, 07 May 2007

I know tons of people, myself included, are guilty of this. We're fresh off the heels of a Security Conference and we can't wait to blab about what new ideas we heard and what hot new products are on the market. It's our God-given right to rant to people that we can't completely secure our network without NAC, or run on about the implications of podslurping and tools like jikto. Herein lies the hidden danger. Accountants, Managers and other non-technical IT folks are suddenly security experts after attending a CON. Armed with old, tired catch phrases like "Security is much more than patching and Antivirus Software" or "The biggest threat is from the inside". Yet, empowered by their newly obtained drivel, they go about the company preaching security, without any real technical security knowledge. And what scares me the most .... Management will listen :-(. I can't tell you how many times our objectives for the year get determined by what some non-security person heard at a conference. It's scary and slightly depressing. Yes, knowledge is power, and in the hands of the wrong person it's downright dangerous. Many times what actually ends up in the listener's ear is something quite different than what was initially said at the conference. But who knows, maybe Bob the accountant after his weekend in Orlando is really a security expert? Ha, highly unlikely, yet his coworkers and mgmt think so and that's what matters. This is how misinformation is spread. So the next time you're thinking about sending your non-technical folks to a Security Conference, please don't. Send your hardworking, underpaid IT Security staff instead and you will get more out of it. Bob the accountant will be just fine going to a tax seminar in Jersey.


Last Updated ( Monday, 07 May 2007 )
 
Let's download the entire Internet!
Written by oleDB   
Thursday, 26 April 2007

As ridiculous as that sounds, startup Robot Genius aims to do just that. Talk about an ambitious project. Not only do they want to scour the entire internet, they also want to analyze the binaries present on the websites for malicious characteristics. Such a product is sure to be in high demand, given that web-based malware has taken the reins from email-based malware as the vector of choice. The biggest gap I see is how quickly they can do this. It's very common for malware authors to change IPs on a daily or weekly basis to stay ahead of the whitehats. With such a dynamic environment as the internet, surely they will not be able to keep up to date with the daily changes. More realistically, monthly changes would be feasible. Still, I see the value of the service as a more accurate blacklist than has been delivered in the past. I think this will serve to raise the bar for other AV/Security vendors to improve their products as well. And if that doesn't work, some behemoth like Symantec or Microsoft will just buy them out.


Last Updated ( Monday, 07 May 2007 )
 