Penetration Testing mailing list archives
Re: Federally Mandated Certification of cybersecurity professionals?
From: "J. Oquendo" <sil () infiltrated net>
Date: Thu, 9 Apr 2009 13:38:52 -0500
On Wed, 08 Apr 2009, macubergeek wrote:
Wolf I believe there were moves afoot to have something like that in the civilian fed space as well. This new legislation will do little to ensure competency. The feds only solution to any problem is to take a profession already hampered with hoop jumping and to add more hoops.
If hoop jumping bothers anyone, then this is not the industry for them. Security changes almost daily so there should be little difference in actually taking the time to jump through hoops in understanding the threats along with the attack vectors. If you can't talk the talk dot dot dot Will the legislation lead to identifying and hiring the "right" individuals, sure it will. It will lead to the CYA (Cover Your A..) methodology of being able to say they took their due diligence. There is a disconnect many times with those who have a clue NOT being certified and those with certifications still not understanding. Personally, I believe this raises the bar for those unclued and certified to actually go out and re-think/re-examine slash "get a clue". Because it won't be something as easily passed as many trolls would elude to, I think the government is showing that even though they're taking babysteps, they're starting to see through the mud and wisening up on security. One of my biggest problem with government is, they isolate themselves far too often. Instead of turning to a "best of breed", dual view of security (private sector/research and their own staff), they often rely far too much on one set of eyes. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP "Enough research will tend to support your conclusions." - Arthur Bloch "A conclusion is the place where you got tired of thinking" - Arthur Bloch 227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Federally Mandated Certification of cybersecurity professionals? Dave Kleiman (Apr 03)
- RE: Federally Mandated Certification of cybersecurity professionals? Shenk, Jerry A (Apr 03)
- Re: Federally Mandated Certification of cybersecurity professionals? Louis Brooks (Apr 03)
- Re: Federally Mandated Certification of cybersecurity professionals? John Bambenek (Apr 03)
- Re: Federally Mandated Certification of cybersecurity professionals? Michal Zalewski (Apr 03)
- Re: Federally Mandated Certification of cybersecurity professionals? macubergeek (Apr 03)
- Re: Federally Mandated Certification of cybersecurity professionals? Louis Brooks (Apr 03)
- Re: Federally Mandated Certification of cybersecurity professionals? Michael Painter (Apr 03)
- Re: Federally Mandated Certification of cybersecurity professionals? Thomas Lim (Apr 07)
- <Possible follow-ups>
- Re: Federally Mandated Certification of cybersecurity professionals? Wolf (Apr 03)
- Re: Federally Mandated Certification of cybersecurity professionals? macubergeek (Apr 09)
- Re: Federally Mandated Certification of cybersecurity professionals? J. Oquendo (Apr 09)
- Re: Federally Mandated Certification of cybersecurity professionals? Pete Herzog (Apr 14)
- Re: Federally Mandated Certification of cybersecurity professionals? Stephen Mullins (Apr 14)
- Re: Federally Mandated Certification of cybersecurity professionals? Pete Herzog (Apr 14)
- Re: Federally Mandated Certification of cybersecurity professionals? Stephen Mullins (Apr 14)
- Re: Federally Mandated Certification of cybersecurity professionals? Pete Herzog (Apr 14)
- Re: Federally Mandated Certification of cybersecurity professionals? Andre Gironda (Apr 15)
- Re: Federally Mandated Certification of cybersecurity professionals? macubergeek (Apr 09)
- RE: Federally Mandated Certification of cybersecurity professionals? Shenk, Jerry A (Apr 03)