More Certs...

the_Grinch

I was looking up information on Wireshark and seems they will be providing certifications now...not enough certs out there!

Laura Chappell's Wireshark University

astorrs

the_Grinch wrote: »

I was looking up information on Wireshark and seems they will be providing certifications now...not enough certs out there!

Laura Chappell's Wireshark University

Laura is a Wireshark god, I would expect the CBTs to be very technical and informative as a result.

malcybood

Yeah try watching some of her training videos on Youtube.

Links here

Laura Chappell's Wireshark University

dynamik

the_Grinch wrote: »

I was looking up information on Wireshark and seems they will be providing certifications now...not enough certs out there!

Laura Chappell's Wireshark University

Bookmarked, thanks!

Laura_C

Well... thought I'd jump in here and explain the 'why' regarding the Wireshark Certified Network Analyst program...

Too many IT folks out there know how to install/configure a TCP/IP network, but do not truly understand how TCP/IP (and common apps) communicate. Some folks know how to capture traffic using a variety of analyzers, but cannot decipher the communications to point to where the problem lies. These really should be fundamental skills acquired by all serious IT folks.

The Wireshark Certified Network Analyst test validates a candidate's ability to differntiate between normal and abnormal communications, and - in the case of abnormal communications - spot the possible cause of the problem or the next step in problem resolution.

The test consists of a set of multiple choice, free form and lab-based questions. In many cases, candidates must open a trace file, identify the cause of a communication fault and successfully answer a question based on their findings. The test is run in a virtual environment, where the candidate has access to Wireshark and all the features they would have at their fingertips when onsite.

In my ideal (packet-colored) world, I'd like to see network analysis be taught during the basic courses on networking - to visualize the traffic often helps understand how it works.

As a side note... we are going to open Chappell University on or about February 1st (the same target date for the certification public release). Chappell University is my new venture to create affordable, dynamic training on a variety of topics including network analysis, troubleshooting, security, network forensics, host forensics, traceback/reconnaissance, network mapping, decoys/deception, OS stack behavior, private investigation services, federal/state cybercrime reporting/cooperation, and more. We currently have over 100 labs ready to go and I'm creating more every day. I'm always listening for new topics to develop/record/train on, so feel free to email me your thoughts at lchappell@packet-level.com.

Now go eat some candy, Grinch! <g>

the_Grinch

Thanks for explaining the cert and process behind it more! I guess my main fear is it not taking off (hoping it does). Don't see that being an issue, but one never knows. Again thanks for the info!

Laura_C

Well... here's a tidbit for you... as we also wondered if a cert would be welcomed. Currently we have over 3,000 people on the waiting list to take the exam. I believe the interest is most definitely linked to Wireshark's most definite triumph as the defacto standard in network analysis - they are up to over 500,000 downloads a month now.

-Laura

JDMurray

Any vendor looking to produce certifications for their own products should understand the great lengths they will need to go in protecting the intellectual property of their exams. Certifications are worthless if the exam's IP can be easily copied and distributed across the Internet. Testing controls must also be in place to insure that the person who receives the certification is the person who actually took the exam.

Product vendors may typically start with certification exams that are Web-based, open book, and can be taken from the comfort of one's home. This model relieves the need of the vendor to partner with Prometric or Vue as testing centers and saves the vendor a lot of money. It also makes the exams very easy to change in a moment's notice.

However, in this model, it is impossible to protect the information that is appearing on the screen. It will be copied and distributed along with the best guess as to the correct answer. It is also impossible to verify who is actually taking the exam. And open book certifications only test how well a candidate is able to look up information, and not necessarily what they know or how well they can apply their knowledge. The lack of authentication, confidentiality, and integrity controls in this model makes it one to be avoided.

One other issue is exam cost. A cert vendor may only be thinking of business customers when they put a very large price tag on each certification exam. Many business products (e.g., VMWare, Snort, Wireshark) have a hobbyist fan-base that simply can't afford $300 per exam (or $3000 with mandatory training class). Having two tiers of exams--one for hobbyists and one for professionals--is a better solution for all.

Oh--and wait until you discover how much it actually costs to write really good, high-quality exam items. Ask the (ISC)2 about that.

Ahriakin

Good points JD but they do have to start somewhere. I don't know how hard it is to get your exams into the Prometrics of the world but I imagine it is not cheap.
Anyway I welcome a formalized Wireshark certification, it definitely should become one of the bread and butter security/network management certifications (as long as it's integrity can be protected as JD has pointed out - just not, after mentioning the ISC(2), with a similar good-old-boys-club attitude of recommendations ...yes I beat the old horse, hah ), it's useful for almost all aspects of networking in some way or another.
Thanks for posting here Laura.

mikej412

JDMurray wrote: »

Having two tiers of exams--one for hobbyists and one for professionals--is a better solution for all.

I'd go one step further -- an Expert Level with a Proctored Lab Exam. And it could even be something as simple as sitting down with a proctor, Wireshark, and an exam trace file and answering the question "what do you see?" Of couse there would have to be a few interesting issues in the trace file

JDMurray wrote: »

The lack of authentication, confidentiality, and integrity controls in this model makes it one to be avoided.

I finally decided to get Cisco Certifications because of the CCIE Lab Exams -- yet I've met CCIEs who don't even seem to have the skills of a competent CCNP -- so no model is perfect.

Hopefully there would such a large set of practical questions that it would be too much work for the **** vendors to "document" them all, but there would still be the "hired test taker" issue.

JDMurray wrote: »

One other issue is exam cost. A cert vendor may only be thinking of business customers when they put a very large price tag on each certification exam. Many business products (e.g., VMWare, Snort, Wireshark) have a hobbyist fan-base that simply can't afford $300 per exam (or $3000 with mandatory training class). Having two tiers of exams--one for hobbyists and one for professionals--is a better solution for all.

If the 4 DVDs I saw on the web site (at $300 each) are the self-study option -- the price didn't even make me blink. As for the exam price.... I could see a WireShark Certification being worth more than an A+ or Network+ Certification, but not if its something "that guy on the helpdesk who has all the those certifications" gets first.

JDMurray

Ahriakin wrote: »

Good points JD but they do have to start somewhere.

And it's best not to start in a bad place. Once damaged, PR is very time-consuming and expensive to recover.

Ahriakin wrote: »

I don't know how hard it is to get your exams into the Prometrics of the world but I imagine it is not cheap.

A secure exam situation that does not rely on dedicated exam hosting centers is also possible. The (ISC)2 found a different exam administration solution, but it's not without its drawbacks too.

Uchiha Sasuke

I have her DVD course and I must say WOoow it's very nice material

Excellent combination with Cisco

Kasor

I will look at this one since I'm using this product at work. It will be something that good to know.

Turgon

Laura_C wrote: »

Well... thought I'd jump in here and explain the 'why' regarding the Wireshark Certified Network Analyst program...

Too many IT folks out there know how to install/configure a TCP/IP network, but do not truly understand how TCP/IP (and common apps) communicate. Some folks know how to capture traffic using a variety of analyzers, but cannot decipher the communications to point to where the problem lies. These really should be fundamental skills acquired by all serious IT folks.

The Wireshark Certified Network Analyst test validates a candidate's ability to differntiate between normal and abnormal communications, and - in the case of abnormal communications - spot the possible cause of the problem or the next step in problem resolution.

The test consists of a set of multiple choice, free form and lab-based questions. In many cases, candidates must open a trace file, identify the cause of a communication fault and successfully answer a question based on their findings. The test is run in a virtual environment, where the candidate has access to Wireshark and all the features they would have at their fingertips when onsite.

In my ideal (packet-colored) world, I'd like to see network analysis be taught during the basic courses on networking - to visualize the traffic often helps understand how it works.

As a side note... we are going to open Chappell University on or about February 1st (the same target date for the certification public release). Chappell University is my new venture to create affordable, dynamic training on a variety of topics including network analysis, troubleshooting, security, network forensics, host forensics, traceback/reconnaissance, network mapping, decoys/deception, OS stack behavior, private investigation services, federal/state cybercrime reporting/cooperation, and more. We currently have over 100 labs ready to go and I'm creating more every day. I'm always listening for new topics to develop/record/train on, so feel free to email me your thoughts at lchappell@packet-level.com.

Now go eat some candy, Grinch! <g>

Very interesting. Laura I will drop you an email about this. I like the material you have contributed to in Cisco Press. It's true that the mechanisms of TCP/IP are often lost on many IT professionals. TCP handshaking is just one area that gives people problems. A lack of understanding there can lead to spurious interpretation of firewall logs for example. There are many other rudimentary elements of networking that many people need to work on particulary in the 'state machine' topics. A little college can help there if you study data comms and books by writers such as Stevens and Stallings.

How does this track stack up against say Sniffer exams in terms of the goals you are setting?