TCNA - Tenable Certified Nessus Auditor

lordmorgothlordmorgoth Member Posts: 25 ■□□□□□□□□□

Comments

  • ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    I looked at it before and decided it's just another product-specific from a vendor trying to make a little extra money. I use Nessus at work, but see no reason to spend money to becomes a certified user. Same thing for Splunk, Wireshark, etc - I prefer to RTFM for free :)
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • nicklauscombsnicklauscombs Member Posts: 885
    cant see the value in this beyond just learning to use the product well.
    WIP: IPS exam
  • lordmorgothlordmorgoth Member Posts: 25 ■□□□□□□□□□
    cant see the value in this beyond just learning to use the product well.

    Well but there you have it.


    Other than the official material from Tenable there's not much in the form of books regarding Nessus:


    Amazon.com: nessus


    Most are either old or only skim the surface...
  • laughing_manlaughing_man Member Posts: 84 ■■□□□□□□□□
    I use Nessus on a daily basis at work and it is one of those things best learned through experience. I mean, you can only take down the entire network with the thing, so no worries icon_wink.gif.

    I would say most of my work with Nessus (and Tenable's Security Center product) is grooming reports and scans to target those vulnerabilities most relevant to our business and network. That is more policy/corporate culture driven than technical. Again, just my $0.02.
  • crashdumpcrashdump Banned Posts: 134
    ChooseLife wrote: »
    I looked at it before and decided it's just another product-specific from a vendor trying to make a little extra money. I use Nessus at work, but see no reason to spend money to becomes a certified user. Same thing for Splunk, Wireshark, etc - I prefer to RTFM for free :)

    You can say the same about every certification. For example most Oracle exams (only associate level not) requires attendance of course.
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,769 Admin
    ChooseLife wrote: »
    I looked at it before and decided it's just another product-specific from a vendor trying to make a little extra money.
    A less cynical viewpoint is that their certification is an attempt to better train and educate their customers on the use of their products.
  • the_hutchthe_hutch Banned Posts: 827
    I've been considering going for one of these, since our scanners are slated to be moved from Retina to Nessus in the near future.
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I'd venture a guess that some of these certifications might have initially been geared for internal support / sales teams for the vendor, and then later branched out into becoming an "external offering" to gear itself more as a profit center rather than a cost center. Just a guess though.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    crashdump wrote: »
    You can say the same about every certification.
    And I do. Over years I have grown to be skeptical about most certifications and now believe that in the majority of cases a person, once reached the experience level adequate for a certification, no longer needs to pay a vendor to be certified. If one knows something, it usually shows.
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    JDMurray wrote: »
    A less cynical viewpoint is that their certification is an attempt to better train and educate their customers on the use of their products.
    I did not mean to come off as cynical - skeptical, maybe. And I don't quite see how certification program serves the purpose of training and educating customers - I'd think this is done by means of providing learning materials, documentation, courses, and tutorials.
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    I think with every technical solution seemingly becoming certification-ified, it feels like every vendor's jumping on a bandwagon of some sort. Perhaps there's rationale that as products become more and more complex, it's nice to have some kind of "baseline knowledge assurance" of competency and a cert serving as that rubber stamp is just the most convenient and generally-accepted practice of approaching it. And for the vendor, it might be seen as a badge of honor: "Look, our offering is so comprehensive and in-depth that we've designed a certification program to prove your ability to maximize the most from your investments." Sound familiar, anyone?

    And unfortunately, many times this is the cookie-cutter approach for Human Resources while they sift through a thousand resumes per position, all the while not understanding the context of the job requirements.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,769 Admin
    ChooseLife wrote: »
    And I don't quite see how certification program serves the purpose of training and educating customers - I'd think this is done by means of providing learning materials, documentation, courses, and tutorials.
    If you look at the early history of IT certifications (e.g., Novell, Microsoft, Cisco), they were all born from technology vendor's customer training and education programs. The marketing departments then latched on the concept of certification as a metric to show the popularity of their products within their customer base.

    The concept of certification is strongly patterned after academia. It is unlikely you would find a college class that would have you attend lectures and study course materials, but then would not test your understanding of the materials and assign you a grade. Customers sending their people to training want some sort of verification that the money they've spent on training was justified. Having their people pass a certification exam helps determine a certain level of success.
  • ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    JDMurray wrote: »
    Customers sending their people to training want some sort of verification that the money they've spent on training was justified. Having their people pass a certification exam helps determine a certain level of success.
    I see your point now - it is valid and looking from business's rather than individual learner's perspective I see how a certification does help with promoting training and education programs.
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • QordQord Senior Member Member Posts: 632 ■■■■□□□□□□
    I think the reason you see a lack of course materials is because Tenable provides those themselves, including the training sessions. I sat through a Tenable"training" session about a year ago hosted by a handful of sales guys. There is someone at a sister institution that has the cert, and he invited a bunch of us to sit in on the webinar. (the deal was he was allowed to have as many people watch as he wanted, but only one person would get "credit" from Tenable for the training) It was essentially an 8 hour introduction of how to get around the GUI, access and report on certain devices, and a lot of time spent on organizing the creation of reports. It was informative and interesting, but I don't use Nessus at all (either prior to or after the event) so whatever I learned sure didn't stick.

    Honestly, I think that if all you want is to learn the product better you might be better off with youtube videos. But if you want the cert and have the time, go for it. Although it might be a good conversation starter, I don't think it's marketable. Unless you want to work for Tenable or as a product trainer eventually.
Sign In or Register to comment.