Face-Off: Schneier and Ranum debate security certifications
This article is part of the July 2006 issue of Exclusive: Security salary and careers guide
Bruce Schneier: Point

I've long been hostile to certifications--I've met too many bad security professionals with certifications and know many excellent security professionals without certifications. But, I've come to believe that, while certifications aren't perfect, they're a decent way for a security professional to learn some of the things he's going to know, and a potential employer to assess whether a job candidate has the security expertise he's going to need to know. What's changed? Both the job requirements and the certification programs. Anyone can invent a security system that he himself cannot break. I've said this so often that Cory Doctorow has named it "Schneier's Law": When someone hands you a security system and says, "I believe this is secure," the first thing you have to ask is, "Who the hell are you? Show me what you've broken to demonstrate that your assertion of the system's security means something." That kind of expertise can't be found in a certification. It's a combination of an innate feel for security, extensive knowledge of the ...
- What's a Hot Pick?
Calculate Your IT Security Salary
Learn how to calculate your IT information security salary based on certifications, job and years of experience, company size and industry.
Document Detective 2.0
- All In A Day's Work
The Right Stuff
SAVVY No two CISOs have the same background, but successful ones have similar skills.
- The XX Factor
What Are You Worth?
SALARY Six-figure security jobs have become common. Maybe you should slip this article into your boss's mailbox.
- 9 Habits of Highly Successful CISOs
Information security resume do's and don'ts
Get advice, and learn do's and don'ts for creating an information security technology or network security resume.
Hot Pick: Tenable offers solid vulnerability management
by Brent Huston, Contributing Writer
Product review: Tenable Network Security's Security Center 3.0 helps organizations throughout the vulnerability management lifecycle, from asset discovery to remediation.
Mobile Device Security
Mobile Guardian Enterprise Edition 5.1
Authentication: RSA SecurID Appliance 2.0
RSA SecurID Appliance 2.0
- Buy the Book
Moving On Up
SKILLS How do you rise in the security ranks? Don't speak geek; use the language of business.
Face-Off: Schneier and Ranum debate security certifications
Are security certifications valuable?
Perspectives: Security success sometimes hinges on politics and personalities
The best infosecurity professionals are situationally aware and attuned to what is happening to them and their environment.
Ping: Robert Garigue
- Editor's Desk