W00t². I passed. The second test was quite serious; there was no playing around whatsoever:

Question 1: Using the space provided, write an improved implementation of a UDP checksum calculation in binary. (Note: the use of the 1 and 0 keys are not allowed) Question 2: Stand up and run as fast as you can into the nearest wall. Get up and come back to resume your exam.

…and those were just the warmup questions… Nah, but seriously. Very hard test. This one I’m proud to have…

Perhaps the reason I’m so into information security certifications is because I still haven’t finished my bachelors degree.

I have over 90 hours (from a “regular” school) and all I lack is some core, but despite my now excellent CV I still feel the pang of inadequacy due to not having finished my degree. So I’m considering once again doing something about it — sooner rather than later. I’ve always known I am going to finish before moving into management at around 40, but maybe I can do it earlier — online.

I’m considering University of Phoenix Online, which seems to be the premier option, but I still have some negative thoughts about the whole online thing. I wonder if others will feel the same way, e.g. hiring managers, peers, etc., or if it ultimately won’t matter. At this point I almost think the BS degree is a “check the box” issue more than anything else. You either have one or you don’t.

The program I’m looking at actually seems pretty cool; it’s a bachelor of science in information security:

Bachelor of Science in Information Technology/Information System Security

So what are your thoughts on the matter. Do I ruin my reputation by having one of these degrees? Or is it a “just get one” scenario where all that matters is that it’s an accredited school?

Any input would be appreciated…

W00t. The anticipation got to me and I decided to take my first of two GCIA exams. I passed in less than an hour with an 83. Not bad considering I haven’t done any studying other than listen to the training audio files…

The next one is noticeably harder, though. It’s more on snort and IDS than general TCP/IP knowledge. In my opinion, it’s the “real” test of the two. I’m confident, however, as I just did a practice test for it and passed (not by much) without using any resources…

Yeah, feelin’ good…

So I’m trying my best to make time to study for my SANS Intrusion Analyst (GCIA) exams. I just passed a practice test using no resources whatsoever, so that boosted my confidence a bit, but overall I’m a bit worried.

I’ve had to put forth relatively little effort to get the certifications I have thus far, but I’m thinking this one’s going to be different. This one is the first that’s supposed to represent actual expertise, as opposed to just familiarity.

Anyway, If you see me posting about being the latest GCIA-certified mofo in town, you’ll know I passed. If you hear nothing at all…that means it didn’t go so well. Here’s to hoping it’ll be the former…

I’ve just completely redone my write-up on infosec certs. Enjoy.

LINK: A Guide To Information Security Certifications

I’ve consistently heard one thing about IT consultants — most of them suck horribly.

I have to say that I’ve also found this to be true, but not for the reasons I thought. I thought it was an issue with technical ability, but it’s not. It’s not that the consultants I’ve seen are weak technically; their problem is that they seem to have very little regard for what clients want and need, which, if I were to nitpick, is of at least moderate interest.

I’ve seen on a number of occasions where the consultant comes in and essentially starts preaching to his flock. This is how it’s going to be, we know what’s best for you, etc. They simply fail to listen, and what makes it worse is that they seem to favor pre-packaged solutions over those that are customized. Of course, in order to customize a solution they’d have to listen to the client, which could be part of the problem.

At any rate, while it’s bad for most clients (since they’re dealing, by definition, with most consultants), it’s actually quite positive for me. I’m coming to realize that I can be at a major disadvantage technically, i.e. not even in my area, and still offer far more to the client than a so-called expert. The reason for this is simply the willingness to truly listen to the problems that a client is facing, and then follow-up with efficient, customized solutions.

Perhaps it’s bad business to do this; perhaps I’m being naiive about how consulting works. I’m willing to accept that as a possibility. I do know, however, that it’s not possible to make money doing using my approach then I will simply move on to something else. I refuse to become what I see in these others. For the time being, though, I’m going to continue with my theory that you can make money consulting in this ideal, enjoyable way.

We shall see.

So I’m taking the CISA exam in June. If anyone has information on the best material to study, or any other tips for passing the exam, I’d appreciate it.

Many people debate which is more valuable to an employer — certifications or a four-year degree, and why.

I have the answer (lucky you).

In the past the answer was a resounding, “college”. This is because anyone who had gone through four years of arduous study in various disciplines was simply exposed to more and able to adapt easier to assorted challenges.

This isn’t the case anymore. These days, many college graduates can scarcely read and write — let alone do mathematics or logically approach problems.

The rise of the importance of certifications is simply a response to this fact. Managers need something to go by, and they have been shown time and time again that a four-year degree isn’t a guarantee of anything. So, in the absense of that benchmark they’re being forced to choose another — certifications.

It’s really that simple — as the quality of university graduates fall, employers’ dependency on and requirement for certifications will rise.

Well, Paul Graham has done it again. Stop what you’re doing and go read this essay. Here’s a quote I liked a lot:

“The test of whether people love what they do is whether they’d do it even if they weren’t paid for it– even if they had to work at another job to make a living. How many corporate lawyers would do their current work if they had to do it for free, in their spare time, and take day jobs as waiters to support themselves?”

Link: How To Do What You Love

An excellent piece about how so many miss the point of what college is:

http://www.iwillteachyoutoberich.com/archives/2005/11/your_college_is.html