[Novalug] IT courses for certifications - Security certs.

Miguel Gonzalez Castaños miguel_3_gonzalez at yahoo.es
Thu May 3 17:40:56 EDT 2007


Paul D. Bain wrote:
> ---- Original message ----
>   
>> Date: Thu, 03 May 2007 16:02:15 -0400
>> From: Joel Fouse <joel at fouse.net>  
>> Subject: Re: [Novalug] IT  courses for certifications  
>> To: Miguel Gonzalez Castaños <miguel_3_gonzalez at yahoo.es>
>> Cc: novalug at calypso.tux.org
>>
>>   Miguel,
>>
>>   You could check out Hands-On Technology Transfer
>>   (HOTT).  Their site is http://traininghott.com/ .
>>
>>   I know nothing about this company AT ALL, so don't
>>   take this as a recommendation. I simply got one of
>>   their catalogs in the mail the other day and noted
>>   that they have a facility in the area.
>>
>>   - Joel
>>
>>   On Thu, 2007-05-03 at 15:29 -0400, Miguel Gonzalez
>>   Castanos wrote:
>>
>> Hi,
>>
>>   I'm looking for some online courses or maybe physical courses in the
>> area of Baltimore or DC. I would like to pursue a Security certification
>> (maybe A+, but I heard really bad opinions on this forum about this) or
>> other Linux certifications. 
>>     
>
> Miguel,
>
>      I am not an information security ("Info Sec") expert, but I studied Info Sec for about seven months (2005 to 2006) when trying to switch into that area (I am now back in J2EE development and web administration). I learnt several things during that time. First, although employers prefer the CISSP certification far more than any other Info Sec certification, the Info Sec experts themselves consider the GIAC to be a better indicator of knowledge. I have met a few holders of the CISSP, and some of them did not impress me at all.
>
>      Second, even the GIAC may not be as valuable as "hands-on" experience, which would include, for example, simply experimenting with the various tools of the Info Sec trade. These tools include port scanners (nmap is, by far, the most popular port scanner), vulnerability assessment scanners (e.g., Nessus or OpenVAS, the OSS fork of Nessus), and exploitation frameworks (e.g., Metasploit). You might also want to investigate rootkit detectors (I recently had to use chkrootkit), other malware detectors, intrusion detection systems (IDS's, such as Snort or Tripwire), and tools for disassembling software (in order to determine, for example, whether a binary file is malware, such as a trojan horse, rootkit, or packet sniffer).
>
>      Third, IIRC, one of the best books I bought on Info Sec was one as to which Steve Northcutt (a guru) was a co-author. I cannot remember the title. Another was the O'Reilly on network vulnerability assessments. A third was the O'Reilly "Security warrior" (the one whose front cover bore an illustration of several samurai). An amazing number of books on Info Sec are worth very little or contain erroneous information. The articles that appear in the popular, mainstream press are equally bad. IIRC, one such article actually advised that "In obscurity lies security." I am not kidding. I can only wonder how such bad advice finds its way onto the pages of a printed magazine.
>
>      Fourth, getting into the Info Sec field is _much_ harder now (2007) than it was about four or five years ago. Apparently, every formerly under-employed systems administrator has already jumped into that area, sating the demand for Info Sec experts.
>   
Thank you for the recommendations. I am actually trying to get some 
proficiency on these topics and who knows, maybe some day go back to 
Spain and get a job, although I don't discard the possibility of 
learning this for my current job :)

Any courses you would recommend?

Miguel

