Just a note… on this EC-Council cryptolocker breach, and inspired by @da_667 on twitter because he doesn’t have his head up his butt.
First of all EC-Council supports a wonderful program called Certified Ethical Hacking, which as a cert is:
1: Affordable, and
2. Obtainable by people just starting out in the program of cybersecurity program
Saw someone post out there on twitter yesterday about why they are against certification and their opinion is invalid (and sucks).
Most people starting out can’t afford SANS certification or courses yet, and CEH still has a place still in Cybersecurity.
I’m sick of hearing people talk crap at conferences from pre-madonnas – as certification and formalize education allows people starting out or interested in certain topics like:
1. Push themselves to learn something they haven’t learned before.
2. Expand on their knowledge in a way that helps to fill in gaps and areas they may not even know they are missing.
3. Help to show potential employers that the person is actually interested enough in the field of cybersecurity to obtain something related to it.
4. Builds confidence in people to move to bigger and better things.
With that being said, yes it’s ultimately up to the candidate for a job to prove themselves during the interview process and that goes well beyond a cert.
However, that cert will get them recognized and shouldn’t be looked down on as there are many in the field that have it. Some of those individuals are the friends you present with at conferences and support.
I’m currently not one with a CEH – just pointing out facts – but hell… I’m probably going to get CEH anyway.
I will admit while the irony of a cert website getting breached sounds funny at first, this is truly sad.
EC-Counsel helps to bridge the gap and hopefully provide a stepping stone to help elevate people to a job they may actually be passionate about.
To bash EC-Counsel or the certification, is complete BS… instead use your talents to help them. You’re that good at pentesting and helping out… contact the EC-Counsel – I’m sure they can use your assistance as this isn’t the first time their website has been breached. Put-up or shut-up.
Stop bashing security certification as this only helps to:
1. Make students disinterested in pushing themselves to a formalized or common body of knowledge program that may expand their knowledge.
2. Make our cybersecurity community as a whole weaker in the process as it may create gaps in knowledge of various systems.
3. Keeps people insecure in their knowledge.
So are certs a means to an end? No… but they are a great pathway to the freedom we enjoy in Cybersecurity and perhaps a builder of greater speakers and professionals to come.
Speaking from experience, I wouldn’t be where I’m at if I didn’t have a formalized education in Information Assurance/Cybersecurity that made me realize I’ve been pentesting systems since I was 11 years old.
Just never put it together or thought I was good enough… until I went through a program that gave me the confidence.