Anyhow, the RWSP caught my eye and I decided to head down to Gaithersburg, MD to sit in for this exam. Unlike the typical "read this book", "memorize this concept" style of exams which have flooded the market, the RWSP seems to me to be a "practice what you preach!", "you better know your stuff!" kind of exam. When I first read about the RWSP exam, I was contemplating the ISRM certification (NSA IAM/IEM) for "Red Teaming" validation and the information caught my eye.
Now to be honest here, when I first thought of the name of the certification, I was puzzled and wondered: "Who the hell, what kind of ballsy statement is that!" and I immediately tracked down the exam content authors to question them about this certification. None other than Russ Rogers took the time to eloquently explain it to me:
The RWSP is based on an individual's ability to handle and react to real world security situations. We approach the security topic from both offensive and defensive perspectives, and no single student is required to be an expert in both sides. Over the years, we've grown frustrated with the growing number of "content based" certifications, where you read a book or take a course, then take the exam. We felt that the pool of certified professionals was being diluted by individuals that really don't have the experience and knowledge to do the work. What we wanted to do with the RWSP is bring back some semblance of the peer review process (think of it like a blacksmith guild mentality). If a certification is peer reviewed, the quality of the members is better maintained, thus the certification also maintains its value to the industry.
For starters, if you don't know who Russ Rogers or Greg Miles is, then you probably haven't been in the industry that long. The bios on them would fill this page up, so I'll let you see for yourself http://www.blackhat.com/html/bh-ad-10/t ... ldSec.html
Anyhow, I decided that this would be the "make me or break me" course in the sense that no one is walking out of that classroom by relying on a book. The course is two days long and I'm getting antsy wanting to get it on already. The concept so far seems more in tune with reality as opposed to it being focused on tenteen hundred tools and exploits, eleventeen hundred methodologies, etc. Simple: attack and defend. My kind of exam.
I will follow up after the exam (pass or fail) on how things went, etc. In the interim, I'm still around!