An update first (courtesy of the Washington Times):
Here's how I'd read this. The guys tapped to head up this effort were snowed by their technical people and as a result are going to place human bodies in roles probably better served by an off-the-shelf 2u rack appliance per 100 target machines running some good vulnerability check software.
Hacking covers a wide range of disciplines and arts that do not lend themselves well to the certification process, if for no other reason than the underlying technical and psychological assumptions change so frequently that there's little if anything approaching useful general principle. A general course looks more like a full year of collegiate study--and is aimed at the professional computer scientist and engineer, not the workaday technician. That general course usually considers a minimum of 2 years of on-the-job information security experience a must, and only places tools in the hands of people apt enough to explore the vast, unpredictable landscape of penetration testing and defense.
This is why security market vendors bundle training with their products. Train people to work very well with a very limited tool set--or better yet, replace them with appliances--and keep your over-educated, overpaid generalists on exorbitant retainer to paper over the cracks.
On the other hand, DoD is spot on if they're looking to build the IT equivalent to the TSA.
PH Cannady
Correlate Systems