Penetration Testing mailing list archives
RE: Learning vs. Play Time
From: "Robert E. Lee" <robert () dyadsecurity com>
Date: Fri, 06 Feb 2004 15:56:56 -0800
Bartholomew, For me, the value of a class is not in the test or even the certification at the end. The lasting value is in the knowledge and skill set that you refine and take with you back to your job. I also have made lasting relationships from the classmates, students, and instructors that I've met over the years. All of these mean a lot more to me than the "e-i-e-i-o" at the end of my name. I gravitated towards the OPST/OPSA classes because they fill a role I felt was missing in the security class space. Many non-vendor specific security classes have a very narrow tools based focus. While I agree that knowing how to use your tools in a test is important, I feel knowing why and when to use them is far more important. Knowing the politics involved in testing, going over internationally accepted testing practices, and reviewing regional and national legal regulations are just as much part of the job. These things are not merely important, but are required to be successful in your role as a security tester. In addition to the intensely technical aspects of the testing process, this is what the OPST represents; the "professional" side of security testing. The CEH class represents the other kind of class. One that is "flashy", "fun", "exciting", but not overly useful to the serious professional. While I have a lot of respect for Clément (one of the instructors for Intense School), I have very little respect for any organization that markets "hacker" classes. This includes the so-called ethical hacking, applied hacking, exposed hacking, grandmother hacking, squirrel hacking, super-duper 3y3 4m 31337 hacking, or any other fancy way of saying "Learn how to think and act like the bad guys". While choosing where to spend your time and money, consider the community you are aligning with. If you look at ISACA, SANS, ISC2, ISECOM, etc.. they all have a true dedication to security and the betterment of the global information security community. Contrast the value of being affiliated (via education/certification) with any of those organizations over a piece of paper and a cd of toys. Sincerely, Robert Robert E. Lee CTO of Dyad Security, Inc. http://www.dyadsecurity.com -----Original Message----- From: Bartholomew, Brian J [mailto:BartholomewBJ () state gov] Sent: Friday, February 06, 2004 8:13 AM To: 'pen-test () securityfocus com' Subject: RE: OPST vs CEH I have taken the CEH but not the OPST. The CEH is kinda simplistic, and pretty easy to pass. I have not taken the OPST, however, I have heard that it is much more in depth and more difficult to pass. To sum it up...If you are looking for letters after your name and a good base to start with, go for the CEH (it can't hurt). If you want to take a more detailed, OSTMM sponsored test, take the OPST. What the hell, take both if you really like a challenge :) --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- OPST vs CEH kenzo (Feb 05)
- Re: OPST vs CEH circut (Feb 06)
- <Possible follow-ups>
- RE: OPST vs CEH Matthew Stein (Feb 06)
- RE: OPST vs CEH Bartholomew, Brian J (Feb 06)
- RE: Learning vs. Play Time Robert E. Lee (Feb 07)
- RE: Learning vs. Play Time Clement Dupuis (Feb 12)
- RE: Learning vs. Play Time Robert E. Lee (Feb 07)
- RE: OPST vs CEH Don Parker (Feb 07)
- Re: OPST vs CEH Ben Nelson (Feb 11)
- RE: OPST vs CEH Bartholomew, Brian J (Feb 11)
- RE: OPST vs CEH wjnorth (Feb 12)
- credentials & experience (was: Re: OPST vs CEH Meritt James (Feb 16)
- Re: OPST vs CEH Patrick Prue (Feb 13)
- RE: OPST vs CEH Pete Herzog (Feb 16)
- RE: OPST vs CEH wjnorth (Feb 12)
- RE: OPST vs CEH Don Parker (Feb 12)
- RE: OPST vs CEH Don Parker (Feb 13)
(Thread continues...)