Why a Basset Hound?
Not sure what the picture of a Basset Hound on this story has to do with anything; still cute though!
British infosec firm NCC Group has been rapped over the knuckles after infosec accreditation body CREST found it was "vicariously responsible" for employees who helped staff cheat certification exams. In a lengthy statement published yesterday, CREST said last summer's exam-cheating scandal boiled down to just two incidents …
"...exam walkthroughs, cheatsheets [...] that would be helpful to anyone sitting CREST's CCT-INF (CREST certified tester – infrastructure), CCT-APP (applications) and CRT (pentesting) exams."
If any exam can be passed by use of materials such as this, it must be a pretty trivial exam, particularly in the realms of software testing and pen testing. Competence in these requires understanding and experience, which obviate the need for and can't be simulated by reference to "exam walkthroughs" or "cheatsheets" unless the exam questions are idiot-level.
However, in my experience, with the exception of Master's degrees, the vast majority of security qualifications are merely checks of the ability to regurgitate parrot memory of matters not necessarily understood. On one institution-approved security management course I was contracted to deliver, at the end of four days' "training" of a bunch of active practitioners, one asked me "how do you use a risk matrix?". The whole class passed the (computer-marked) exam and got their certificates.
Maybe the standards of expertise expected explain to some extent the parlous state of infosec.