Debating With Cert-ainty?
You asked: Are security certifications valuable (Face-Off, July 2006)? I think the question ought to be: Are micron-thin discussions of this type valuable?
Don't get me wrong, I admire and respect Bruce Schneier, even though his academic pronouncements usually bear little relevance to my work. Marcus Ranum can always be counted on for a good "straight-from-the-lip" quote, but neither of these estimable gentlemen adds anything to the certification debate.
A certification is only one factor, among many, that goes into a hiring decision--and I have never known a hiring decision to be made on that factor alone.
However, if information security certifications are of dubious value--a point made by both contributors--I'm at a loss as to why the piece is titled "Face-Off?" And, does that invalidate broader certifications such as MCSE?
John A. Blackley
Information security consultant
"Are Security Certifications Valuable?" I find it disturbing that the question was even asked. A more appropriate question might have been "What is the value of security certifications?" for that seems to be how the question was answered.
While you're at it, you might as well have asked if any certification or diploma has value. What is the difference between cramming for multiple years to achieve a formal degree, versus cramming for a few months to achieve a certification?
At the very least an individual has proven the ability to acquire and demonstrate new knowledge and skills. Also remember that an "expert" is simply someone who has already made most of the mistakes.
Perhaps if both or either of these gentlemen would offer a better alternative for the measurement of basic ability, we would all be better off.
FreeBSD Is No Linux
The article "Linux Patch Problems: Your Distro May Vary" by Edmund X. DeJesus (SearchSecurity.com, July 27) is a sad anomaly in a site that I respect and enjoy reading.
The author appears to know so little about Linux, that he lumps FreeBSD and OpenBSD into the Linux bucket. They are quite different since they don't even run the same kernel and core utilities. It's not enough to simply total up numbers for applications--you have to consider the base upon which those applications run. FreeBSD and OpenBSD do not assume that you want to run everything. OpenBSD in particular has a default installation that is secure, and it's up to the administrator to choose the applications and level of exposure.
I use OpenBSD in my course work, and have contributed to the project as a way of thanking the group for such an excellent operating system. I am a former DEC Ultrix, HP-UX and Solaris systems administrator, and I was delighted to discover OpenBSD. I would like to suggest a review of OpenBSD, highlighting the security improvements in the code and the core applications--the stuff under the hood that makes exploits harder and limits the damage if they do occur.
Professor, School of IT, Durham College, Oshawa, Ontario, Canada
Send your e-mails to firstname.lastname@example.org.