Access "Face-Off: Schneier and Ranum debate security certifications"
This article is part of the July 2006 issue of Exclusive: Security salary and careers guide
Bruce Schneier Point I've long been hostile to certifications--I've met too many bad security professionals with certifications and know many excellent security professionals without certifications. But, I've come to believe that, while certifications aren't perfect, they're a decent way for a security professional to learn some of the things he's going to know, and a potential employer to assess whether a job candidate has the security expertise he's going to need to know. What's changed? Both the job requirements and the certification programs. Anyone can invent a security system that he himself cannot break. I've said this so often that Cory Doctorow has named it "Schneier's Law": When someone hands you a security system and says, "I believe this is secure," the first thing you have to ask is, "Who the hell are you? Show me what you've broken to demonstrate that your assertion of the system's security means something." That kind of expertise can't be found in a certification. It's a combination of an innate feel for security, extensive knowledge of the ... Access >>>
Premium Content for Free.
- What's a Hot Pick?
Calculate You IT Security Salary
Learn how to calculate your IT information security salary based on certifications, job and years of experience, company size and industry.
Document Detective 2.0
- All In A Day's Work
The Right Stuff
SAVVY No two CISOs have the same background, but successful ones have similar skills.
- The XX Factor
What Are You Worth?
SALARY Six-figure security jobs have become common. Maybe you should slip this article into your boss's mailbox.
- 9 Habits of Highly Successful CISOs
Information security resume do's and don'ts
Get advice, and learn do's and don'ts for creating an information security technology or network security resume.
Hot Pick: Tenable offers solid vulnerability management
by Brent Huston, Contributing Writer
Product review: Tenable Network Security's Security Center 3.0 helps organizations throughout the vulnerability management lifecycle, from asset discovery to remediation.
Mobile Device Security
Mobile Guardian Enterprise Edition 5.1
Authentication: RSA SecurID Appliance 2.0
RSA SecurID Appliance 2.0
- Buy the Book
Moving On Up
SKILLS How do you rise in the security ranks? Don't speak geek; use the language of business.
Face-Off: Schneier and Ranum debate security certifications
Are security certifications valuable?
Perspectives: Security success sometimes hinges on politics and personalities
The best infosecurity professionals are situationally aware and attuned to what is happening to them and their environment.
Ping: Robert Garigue
- Editor's Desk
More Premium Content Accessible For Free
The variety and sheer number of network endpoints, users and devices in the enterprise today is driving IT's demands for enhanced security features ...
Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of ...
The network of today's enterprise is larger and more diverse than ever, which means there's more for hackers to attack. So as enterprises update ...