Re: A question about certification and training

["Meritt James" <meritt_james () bah com>]

Sorta concur - CISSP is NOT a technical certification and only the
unknowing will treat it as such.  

Michael Boman wrote:
> On Fri, Dec 20, 2002 at 06:45:57PM -0600, * KAPIL * wrote:
> > IMHO, your current job and future career goals have a lot to do with
> > what certifications your acquire and what certifications your keep
> > current as they expire. I for example have my A+, NET+ and Server+ from
> > back in the day when I first started in IT. I am a systems engineer and
> > work mostly on Microsoft technologies so I also have both flavors of
> > MCSE. In order to have the complete spectrum of troubleshooting skills,
> > I felt I needed to be well versed in routing and switching, so I got my
> > CCNA. Now, if I were going to work mostly on Compaq hardware...I'd get
> > Compaq certified. If I were interested in pursuing a career in
> > Security....perhaps CISSP would be a good choice...it depends. Hope this
> > helps!
> >
> > -K
>
> I agree with the above poster, except when it comes to security
> certifications. If you want to be a hand-on guy who knows how to decifer
> various log format, harden servers etc. I recommend going for the SANS
> GIAC line of certifications. My take on CISSP is that it's too broad
> and too shallow, so I find it suiting managers better then the foot
> solders. I have not yet taken CISSP, but I think it is something I
> need to do as it's more or less expected of me because of my position
> (Security Architect). I currently only have SANS GIAC certifications
> but it suites me fine because I like to be involved. I am a hands-on
> kind of guy ;)

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566