Penetration Testing mailing list archives
Re: OSCP
From: "Andre Gironda" <andreg () gmail com>
Date: Wed, 3 Dec 2008 16:26:15 -0700
On Wed, Dec 3, 2008 at 11:52 AM, Al Rivas <ARivas () hyphensolutions com> wrote:
I've been away for a while and so catching up today and noticed the idea that the CISSP required 5 years information security experience
CISSP is sad the more I think about it. Since all corporate and government security has gone the way of compliance, it's best to just hire certified individuals e.g.

SOX -> CISA
PCI-DSS -> CPISA
ISO 27K (and everything else) -> ISO 27K Lead Auditor (often referred to as LA)

If you actually do real security, OSCP is a bullshit cert just like CEH, CNOP, SCNA, GSE, et al. Anything SANS or ISC2 is crap. All of these certs mean absolutely nothing if you dig deep into the actual meaning behind them.

I would hire an [recent] OPSA or ISO27K LA over pretty much anything else, if forced to hire based on certifications. I would consider NSA IAM/IEM certified people if ISECOM or ISO certified individuals aren't available. These certifications have merit because there is real operational security value behind them, and they are up-to-date with the real world.

Cheers,
Andre