Starting your own C...
 
Notifications
Clear all

Starting your own Cert in DF

9 Posts
6 Users
0 Likes
391 Views
(@tootypeg)
Posts: 173
Estimable Member
Topic starter
 

Been thinking about starting a certification (like an EnCE etc) and just wondering what the issues, thoughts around certs are etc?

Obviously there are some existing issues and polarised views on cert processes, but to just humour me for a bit, what would the perfect cert and cert process be for everyone, assuming there is a gap in the market and that i could fill it (obvs i'm anonymous so you have to just buy into it).

Things i'm curious about are costs, logistics, likely buy in, pitfalls etc, format, assessment types/structure and anything else

 
Posted : 10/05/2018 8:02 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Whats the reason to get a cert?

 
Posted : 10/05/2018 10:53 am
(@tootypeg)
Posts: 173
Estimable Member
Topic starter
 

a measure of competence maybe? Vendor neutral, examines core abilities or maybe has a tiered approach in difficulty. Might support adherence to certain standards? Just a thought.

Can something be done to improve upon what we already have? in fact, we dont actually have that many do we?

 
Posted : 10/05/2018 10:55 am
(@mcman)
Posts: 189
Estimable Member
 

I bucket them into 2 categories
General competency in a task or category (computer/mobile/JTAG/etc…) which isn't tool specific and tool competency which obviously comes from the tool vendor, both valuable in their own way.

I find the general competency ones are good for getting hired and recognized by your peers (to a degree) especially if they don't know you or your work ethic personally. CFCE, SANS certs, etc… are good examples here.

The tool focused ones also have value in showing competency in a particular tool and it's use. While tools aren't certified for court, the examiner is and showing that you're competent in the tool you used (whatever tool that was chosen for the given task) is important. All tool certs are going to have some level of general forensics training associated to it and that knowledge is transferable but it's usually in reference to it's application in the specified tool.

You mentioned vendor neutral in the last post which would likely fall under general competency but your original post mentioned EnCE which would fall under tool competency IMO.

Not sure your end goals with it but that's typically break them down.

 
Posted : 10/05/2018 1:35 pm
MDCR
 MDCR
(@mdcr)
Posts: 376
Reputable Member
 

I find the general competency ones are good for getting hired and recognized by your peers (to a degree) especially if they don't know you or your work ethic personally. CFCE, SANS certs, etc… are good examples here.

That is what references are for. Even a teacher on a forensics course can be a reference if you have zero experience.

I despise certificates, it puts the financial burden on the individual for something someone once sold to the community as a product. If certificates were given away for free, then there would be no drive from anyone to have them.

 
Posted : 11/05/2018 5:33 am
(@tootypeg)
Posts: 173
Estimable Member
Topic starter
 

What about a banded cert based on role?

Level One Graduate.
Level Two Technician.
Level Three Junior Analyst.
Level Four Advanced Analyst.

Costs could be negotiated based on consensus I think. Would need to define industry consensus on core competencies at each level in order to pitch something at each point. We would be happy to discuss offline

 
Posted : 11/05/2018 6:58 am
(@mcman)
Posts: 189
Estimable Member
 

That is what references are for. Even a teacher on a forensics course can be a reference if you have zero experience.

I despise certificates, it puts the financial burden on the individual for something someone once sold to the community as a product. If certificates were given away for free, then there would be no drive from anyone to have them.

I agree with you but that's not the reality of the industry. The DFIR industry is pretty small and you're still going to need external validation through either a cert, reference, or testing during the interview process.

References are a dime a dozen. Anyone can find someone out there to say something nice about them. There's only value in a reference if it's someone with influence in the industry or there's a personal/professional relationship between the one giving the reference and the hiring manager/org.

Jamie

 
Posted : 11/05/2018 1:15 pm
(@athulin)
Posts: 1156
Noble Member
 

Been thinking about starting a certification (like an EnCE etc) and just wondering what the issues, thoughts around certs are etc?

Utility, Credibility, Validity

Credibility is probably going to cost you. There are standards for certifying organization – you may need to get a certificate of your own just in order to separate yourself from the common diploma mills.

The Wiki article on Diploma Mills has some useful points to ponder. (as does https://www.propublica.org/article/no-forensic-background-no-problem )

(I have a certificate from the Universal Life Church that I'm an Certified Prophet. I think – I only use it when I want to discuss finer points of certification with people who haven't had to face the problem in detail.)

Just remember to cast a glance at the CCFP from ISC2, who are a fairly highly regarded certification company (modulo issues like those you mention). ISC2 announced the certification in 2012 (or perhaps it was 2013), several 'solid' education companies jumped aboard, but as of one or two years ago, the courses have been cancelled and existing certificates will lapse in 2020.

Why did they fail? It probably wasn't in the infrastructure and the logistics of computer forensics certification – it must have been something else.

 
Posted : 11/05/2018 1:36 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I have a certificate from the Universal Life Church that I'm an Certified Prophet.

You mean the ULC?
https://en.wikipedia.org/wiki/Universal_Life_Church

Good to know ) .

I attempted something similar, thinking that it would have been more fun than ULC, but for some reasons the CFSM didn't provide me with an actual certificate wink
https://en.wikipedia.org/wiki/Flying_Spaghetti_Monster

jaclaz

 
Posted : 11/05/2018 6:14 pm
Share: