
To recertify or not?

Well, my GCIA is about to expire and I am faced with deciding whether or not I want to recertify. I have had my issues with SANS as of late and still do. The problem for me is that I invested a lot of time and effort in getting my GIAC certs. I am loath to let them expire, but I really no longer care for the way that they are conducting business, i.e., having devalued the entire cert family and then flip-flopping. Like many people I am not a huge fan of the certification industry, as it is largely a self-serving one. The reality is, though, that most of us have to maintain certs.


5 Responses to “To recertify or not?”

  1. HAL Says:

    July 19th, 2007 at 10:38 pm

    Don,

    I read your latest post to securityfocus with interest. While I agree that ‘practical knowledge is where it is at’, I would offer that ‘All work and no play makes Jack a dull boy’.

    The value of some of those ‘conferences’ is psychological to a certain crowd. Granted, while there are those who use it as a work escape, and waste of money, for some of us, it constitutes a way of also getting a vacation in, and getting away from the wage slave bit for even just a little bit. That, and we need something to turn in for credits for useless certs to maintain work status with people who don’t have a clue how to determine one security guru from the next.

    Another point is that it gives some of us ‘hope’, in that there is proof that people are taking an interest in the subject material, and at least discussing topics. I particularly enjoy some of them just to see how other people reason their way through issues and problems, finding flaws in IT constructs that would not occur to the traditional, braindead, run-of-the-mill architects and ‘engineers’ I work around, who, by the way, almost to a man jack, have never heard of, or have any intention of, becoming a professional engineer (i.e., P.E.). They just bastardize the term, and are in the field for the money, because the topic is hot. They will go back to advertising, accounting, stock trading, or just plain selling snake oil as the times shift.

    So I get excited whenever I see ‘certs’, thinking that perhaps this individual may have stayed up the countless hours to learn, grow, live and breathe on the wire, and may be a peer of any sort. While they may not have spent thousands of dollars on training, disappeared off the face of the planet for a decade, spent countless hours waging cyber engagements, have three degrees or the battle damage to prove it like some people, they may just have caught the fire and excitement that comes from a clean compile, a well implemented algorithm, or a ‘job done right’…. and a conference is a place sometimes where they may feel some kindred spirits are really out there, and get proof of that.

    So if the junior troops apply to go to something that may not exactly be practical (completely), make them earn it, or pay something themselves (‘suffer for the art’), but don’t kill their dreams and hopes of engaging in something bigger than themselves and doing good things for the electronic society that is evolving around them. I’m glad that people even read or care.

    Thanks. By the way, your articles are well written, coherent, and your tutorials concise and to the point. I use them all the time for the kids. Kudos.

    Best, Hal

    CISSP/ISSEP (I was under the mistaken impression for quite a while that the people who made up the questions for the latter actually know something about infosec. They do, to an extent, but do not lead the pack. Well, spilt milk.)

  2. Don Parker Says:

    July 26th, 2007 at 2:55 pm

    Hi Hal,

    Sorry for the late response, been quite busy as of late. Many thanks for the kind words. I have always strived to make my articles brief, easy to read, and of a practical nature. It is gratifying to hear that I have been successful in that regard. Aye, the column I wrote at the other site has struck a nerve with quite a few people, mostly positive, and a few negative. You can’t please them all!

    Cheers,

    Don

  3. HAL Says:

    July 28th, 2007 at 6:30 am

    Don, I’m sure you have. I only *wish* I could be as productive and accurate in focus as you, my hat is off, Sir.

    You are, of course, 100% on target with the www.securityfocus.com article, and getting people to focus on work, instead of coffee/kibitzing/phone/personal errands/etc. is a never-ending struggle. The professional boondoggle only adds to the mess/mix.

    For any and all who might read Don’s articles, they are head and shoulders above the usual gobbledygook in the trade space, and I cannot count the number of times I have referred back to them or told someone, ‘It’s on Don’s site’. With the demise of SysAdmin this month, even more reason to keep this up. Again, Kudos.

    Going to Hat/Con this year in Vegas (real people go to RSA) raises the question of where these ‘things’ fall in the area of making one better at the ‘infosec’ job, and whether it is worth the time and money.

    One thought: it is a compendium of various individuals’ and small groups’ approaches to issues related to the computing space, and instructional for the generalist to see the different ways theory is turned into practice, Math into Physics. It informs as to what is the possible skill level of the opponent, and how sharp is the mind on the other end one may face. It is also part of the level of information out in the public domain, so it is the minimum that must be taken into account when constructing defenses (because it is common knowledge). So it’s worth knowing about, and of course, who can pass up a Vegas boondoggle. Infosec during the day, shows and action at night. Back to defending the castle soon enough.

    Thank you Don, and there are not enough good things to say or offer in exchange for the value you add to the common body of knowledge.

    Best, HAL - I’ll be the one giving Tony a hard time at Hat.

  4. Don Parker Says:

    July 28th, 2007 at 12:29 pm

    Say hey Hal,

    I need to update my website as it is horribly out of date. Specifically, the articles section. Who is Tony, though, at Blackhat? One of the presenters? If there are articles that you would like to see written then shoot me an email and let me know. Was hemming and hawing about going to BH this year, but in the end decided not to bother. Will likely attend next year though.

    Salut!

    Don

  5. HAL Says:

    July 28th, 2007 at 9:40 pm

    Don,

    Tony Sager. Rep from a certain federal entity. Leading off, opening speech. The issue is this:

    His Directorate within that Agency touts itself as a leader in providing infosec guidance to security practitioners and is a source of good information for people engaged in securing networks. He does, however, work for a place that also does other things, and I’ll leave that to your imagination, but it doesn’t take too much thought to imagine where those trails may go.

    Given that, what assurance can he give the security professionals and the industry in general that he is not dumbing down the product or protecting ‘equities’ within his own organization; additionally what assurances can he provide that future efforts will not be tainted by those same exigent interests. He will know what that means.

    As far as future efforts, this may or may not be in your field of interest. Enterprise Management Systems and agent-based computing. OS vendors have a heck of a time patching, fixing, etc. against the latest crap code that microkernel cores have to contend with due to their very nature, and have done all sorts of work recently to fight back against rootkits, VM hypervisor attacks, etc., etc., but what if you have a piece of software, installed by the locals themselves, with full control, that has weak authentication and poor protocol implementation, but with full privs, because, by the very nature of its intended function, it needs full privs? Defects in that would drive OS vendors crazy, because there is nothing they can do about it. And it gets around every other defense, because it is supposed to be there to start with; but maybe it’s accepting signals and directions from just not quite the right IP, or just not quite the right session. As firms and groups of people/orgs have to move to larger server farms, sys admin has to be done on a large scale, not one expert action at a time, necessitating NOCs full of ‘punch button-GUI based’ low-end sys admins who would not recognize an incident if it was in front of their face.

    Well, just a thought. Can’t be fixed, but with proper multiple reinforcing checks in place, can be detected and at least mitigated. But what to detect, and how to mitigate is an issue, because, as you know, everyone’s products are perfect.

    I guess what I would offer is that what may be of future interest is how to build assurances into grid computing, mobile objects, and larger than one box/one os security paradigms. Especially since we are all placing our futures in these constructs and trusting our future life outcomes to the readouts on the displays of those who would judge us for credit, access to something, approval for something else, etc. etc.

    Back to configuring my vLDAP.

    Best, Hal
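Hal’s scenario above, a fully privileged management agent that accepts directions from “just not quite the right IP, or just not quite the right session”, with his suggested answer of multiple reinforcing checks, worked into a small detection script. This is an added example, not code from the original thread or from any product it mentions; the agent log format, the allow-listed console subnet, the session semantics and the command names are all constructed assumptions for illustration.

```python
import ipaddress
import re
from typing import Dict, List

# Assumptions (not from the original thread): only consoles on this subnet may
# drive the agent, and these commands run with the agent's full privileges.
ALLOWED_CONSOLES = [ipaddress.ip_network("10.0.5.0/24")]
PRIVILEGED_COMMANDS = {"run-script", "restart-service"}

# Constructed sample agent log in a hypothetical key=value format.
# Line 3: command in a session that failed authentication.
# Line 4: authenticated, but from a non-console address.
# Line 5: valid session id reused from a different address (hijack).
SAMPLE_LOG = """\
2007-07-28T21:40:01 session=s1 src=10.0.5.12 auth=ok cmd=inventory
2007-07-28T21:40:05 session=s1 src=10.0.5.12 auth=ok cmd=run-script
2007-07-28T21:41:10 session=s2 src=10.0.5.13 auth=fail cmd=run-script
2007-07-28T21:42:30 session=s3 src=192.168.77.9 auth=ok cmd=run-script
2007-07-28T21:43:00 session=s1 src=10.0.5.77 auth=ok cmd=restart-service
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) session=(?P<session>\S+) src=(?P<src>\S+) "
    r"auth=(?P<auth>\S+) cmd=(?P<cmd>\S+)$"
)


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse the constructed log format into one dict per command event."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable agent log line: {line!r}")
        events.append(m.groupdict())
    return events


def check_events(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run three independent checks over each event and return the flagged ones.

    The checks reinforce each other: spoofing an allowed source address does
    not help if the session was never authenticated, and presenting a valid
    session id does not help if it arrives from an address other than the one
    that opened it.
    """
    session_owner: Dict[str, str] = {}  # session id -> src that first used it
    findings = []
    for ev in events:
        reasons = []
        src = ipaddress.ip_address(ev["src"])

        # Check 1: the source must be an allow-listed management console.
        if not any(src in net for net in ALLOWED_CONSOLES):
            reasons.append("source not an allow-listed console")

        # Check 2: the command must arrive in an authenticated session.
        if ev["auth"] != "ok":
            reasons.append(f"command in unauthenticated session (auth={ev['auth']})")

        # Check 3: a session stays bound to the address that opened it.
        owner = session_owner.setdefault(ev["session"], ev["src"])
        if owner != ev["src"]:
            reasons.append(
                f"session {ev['session']} reused from {ev['src']} (opened by {owner})"
            )

        if reasons:
            severity = "high" if ev["cmd"] in PRIVILEGED_COMMANDS else "medium"
            findings.append(
                {"ts": ev["ts"], "cmd": ev["cmd"], "severity": severity, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for f in check_events(parse_log(SAMPLE_LOG)):
        print(f"{f['ts']} [{f['severity']}] {f['cmd']}: " + "; ".join(f["reasons"]))
```

Each of the three constructed bad lines trips exactly one check, which is the point of layering them: none of the checks alone catches all three, and none of them requires any cooperation from the agent vendor, only its log.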
