Re: CISSP

From: Michael Mooney (wolfiroc@earthlink.net)
Date: Fri Dec 08 2006 - 00:05:07 EST


All
As a graduate of both the OPSA and OPST I wholehartedly agree with Pete
that hands on knowledge based training and certification is the most
accurate measure of what you know. It challenges you to excel and keep up
with what is happening in our ether world. I am also a CISSP and the
reason is that it is becoming a requirementthat for companies gain
contracts that they must have certified staff. Unfortunately, the OPST and
OPSA are not on the list, but SANS GIAC is - go figure. And yes - OPSA and
OPST are difficult tests - that's the point.
As I tell my peers and seniors - the vulnerabilities and cyber challengers
out there have no conscience, they know no politics, recognize no
international boundaries, or personalities. Know your enemy, know yourself
and never relax.

> [Original Message]
> From: Pete Herzog <lists@isecom.org>
> To: Bates, Chris <Chris.Bates@nwdc.net>
> Cc: <pen-test@securityfocus.com>
> Date: 12/7/2006 9:54:10 PM
> Subject: Re: CISSP
>
> > But I also think certification by itself means next to nothing for the
> > most part. I have seen way to many Consultants with certifications and
> > degrees not know their head from a hole in the ground.
>
> There are certifications and there are certifications. Knowledge
> certifications where one memorizes security trivia and regurgitates it on
> an exam has much less applicability in the real world than a formal
> education where case studies and experience may be introduced or an
applied
> knowledge certification.
>
> But a certification should mean something. It should prove that a person
> can apply a particular type of knowledge, a specialty, with a measurable
> degree of accuracy and efficiency. If a group has convinced you that they
> can certify, accredit, or graduate you in a trade or specialty in a manner
> which requires no proof of skill then you should question your own
critical
> thinking skills. Because it just doesn't work that way. Even with
> experience, that means nothing if what you learned is wrong from the
start.
> The US Department of Education has a word for organizations who sell
> diplomas for experience alone and often no additional coursework: Diploma
> Mills (http://en.wikipedia.org/wiki/Diploma_mills).
>
> I'm saying this because at ISECOM we have been an authority for applied
> knowledge security certifications for nearly 5 years because the security
> community we work with asked for it. They asked for a security cert that
> didn't suck. They wanted one where people actually had to apply their
> knowledge of testing and analysis with accuracy and efficiency in order to
> pass an exam against a live network. So we built it and you know what, we
> still sometimes get complaints that it's too hard and too complicated.
> When we first rolled this out in the US, the training organization we
> worked with didn't see a future for it because they said they needed an
> easier exam, a knowledge-based one, so people can pass and take a
> certification back to the office which will bring in more people. Then
> they can also promote a high pass rate in their marketing for that
> training. So we stopped working with those training companies in the U.S.
> that wanted an easy pass to sell easily to the masses. But that's just
> mainly a problem in the US and most other regions have been just fine for
> us. In those other places the ISECOM certifications really mean something
> and get people employed and advanced and vetted for having them.
>
> So please don't lump all security certifications together. Some of us are
> working hard to help and such comments don't.
>
> Sincerely,
> -pete.
>
> PS: Sure I work for ISECOM so I am biased about the quality of our
> certifications but facts are facts and our certifications really are
> applied knowledge, hands-on examinations.
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
0008bOW
> ------------------------------------------------------------------------
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:26 EDT