Dailydave mailing list archives

Re: Information security certifications diversity and getting lost


From: "Andre Gironda" <andreg () gmail com>
Date: Tue, 11 Sep 2007 11:06:06 -0500

On 9/11/07, Jason Alexander <jalexander () plus net> wrote:
> I think a lot of the answers on this thread seem to concentrate on pen testing knowledge and techniques

Not exactly, but you're on the right track.  Dave and others have a
fixation on buffer overflows and "breaking code(s)".  Some people
simply feel that they are the best in the world at "security" because
their hex knowledge goes the deepest.  It's a penis-size matching
contest that is actually worse than having the letters CISSP on your
business card (although I admit that I'm a poser/wannabe in both these
categories of snobbery/elitism).

Besides, with specific regard to pen-testing: a full vulnerability
assessment is best done by looking at other softer aspects - such as
code reviews, strategy consulting around how software is
purchased/built/integrated, incident response, threat-modeling, and
http://en.wikipedia.org/wiki/Certified_Social_Engineering_Prevention_Specialist
(just to throw that in there to see what reactions I get).

When and if I get a CISSP, I'm going to make the letters "CISSP" my
entire business card.  You'll be able to punch out the letters (like
you can remove the lockpicks from Mitnick's card),  they'll be made
out of fuzzy material with magnets on the back, and the cardback will
be scratch and sniff.

dre