[Dailydave] Information security certifications diversity and getting lost
Andre Gironda
andreg at gmail.com
Tue Sep 11 12:06:06 EDT 2007

On 9/11/07, Jason Alexander <jalexander at plus.net> wrote:
> I think a lot of the answers on this thread seem to concentrate on pen testing knowledge and techniques

Not exactly, but you're on the right track. Dave and others have a
fixation on buffer overflows and "breaking code(s)". Some people
simply feel that they are the best in the world at "security" because
their hex knowledge goes the deepest. It's a penis-size matching
contest that is actually worse than having the letters CISSP on your
business card (although I admit that I'm a poser/wannabe in both these
categories of snobbery/elitism).

Besides, with specific regard to pen-testing: a full vulnerability
assessment is best done by looking at other softer aspects - such as
code reviews, strategy consulting around how software is
purchased/built/integrated, incident response, threat-modeling, and
http://en.wikipedia.org/wiki/Certified_Social_Engineering_Prevention_Specialist
(just to throw that in there to see what reactions I get).

When and if I get a CISSP, I'm going to make the letters "CISSP" my
entire business card. You'll be able to punch out the letters (like
you can remove the lockpicks from Mitnick's card), they'll be made
out of fuzzy material with magnets on the back, and the cardback will
be scratch and sniff.

dre