Back in September I took the SANS 560 - Network Penetration Testing and Ethical Hacking class. This was an excellent class. It covers every aspect of penetration testing from defining rules of engagement, legal matters all the way down to exploitation and post exploitation and data exfiltration. While in my normal day to day work I don't do much of this I am starting down that path. The only way to double check your security procedures is to test them with the same tools that hackers will.
After starting the class I decided it might be of value to certify. I have found in my career that many members of executive management have issue with trusting and believing what their staff say. It is almost better to hire somebody at $400 per hour to say the same things employees are. Because of this I have found if staff have a certification it is almost a out side force re-affirming that this person has some knowledge. Who knows if this theory is correct but it sure seemed to be when I got my RHCE. At the very least it gives me another thing to hang on the wall.
