4.08.2010

Update on the DoD 8570 Directive

The DoD 8570 directive is something that has been making many IT Security / Information Assurance professionals sweat for the past couple of years. Strangely enough, the deadlines are never met and keep getting pushed back.

The latest addition to the DoD 8570 directive is the Certified Ethical Hacker (CEH) certification.

This certification is a very hands-on, practical, know-what-you-are-doing kind of cert, different from some of the others that appear on the 8570. In fact, if you take a CEH class you'll see what I mean. By nature, they are almost all hacking (using exploits, worms, etc.) from start to finish.

So not only does the CEH certification's addition to the DoD 8570 break form from the norm (see CISSP, Security+ - theory / concept based certs), but in my opinion it's a strange recognition by the DoD and the US Government of the latest trend in data security. CEH was made popular by good marketing by the EC-Council coinciding with a growing need (data threats via network penetration). The popularity that has been growing rapidly for the last two to three years is now being recognized by the Gov, which is not something we're all too used to seeing.

Watch in years to come for certifications that are more theory-based to go by the wayside and certifications that are application-based to skyrocket in popularity. Things to watch: CEH, CHFI, ECSA, LPT and the Advanced Penetration Tester (APT).

FUNNY UPDATE: Check out the comment spam we got from Shon Harris' blog; I actually approved it. I'm interested to know what spammy SEO company she has marketing her site. Shon has far too strong a name in the industry for that.