Security Tip: Don't be seduced by penetration testing certifications
There's been a lot of recent talk about certifications for penetration testing, but don't be swayed. You must continue to carefully vet your security partners when it comes to protecting your perimeter. Here's why.
First, most certifications and certifying organizations are little more than cash cows. Take some of the more popular certifications such as ISC2, A+, MCSE and others. They've become big businesses, and generate lots of money. Even the secondary markets such as books, training courses etc. are raking in the cash.
Second, certificates aim to establish only minimum levels of knowledge, and who really wants to hire that?
Third, certifications do not address a client's knowledge barrier -Understanding what penetration testing is, how it differs from a vulnerability assessment, when to properly use it as a tool and when it may do more harm than good are just a few lessons a security partner must pass along.
The harsh truth is that certification of penetration teams is just another false security blanket for organizations that want to avoid the hard work of vetting a security partner, and sadly, the majority put way more stock in certifications than they should. It is a dangerous situation.
Here's the tip. Forget about the certification. If you're in the market for a security expert who specializes in penetration testing, do reference and background checks, analysis of professional business items such as insurance, more traditional means of verifying that a business is really what it seems to be.
MicroSolved, Inc.
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson, Zulfikar Ramzan
Published Apr 6, 2008 by Addison-Wesley Professional. Part of the Symantec Press series.
Enter now! | Official rules | Sample chapter
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
By Peter Thermos, Ari Takanen
Published Aug 1, 2007 by Addison-Wesley Professional.
Enter now! | Official rules | Sample chapter
