RE: University Degree or CISSP

["Craig Wright" <cwright () bdosyd com au>]

Hands on experience without a good foundation often just perpetuates bad
practice.

Anecdotal evidence is little better than no evidence. All degrees are
not equal. A PhD is a detailed and FOCUSED study of one particular
area/field/subject. It makes you an authority on a very specific topic -
this may have nothing to do with IT or even security.

I have several degrees. I have a CISSP (with additional bits). What
helps is a quality of knowledge of through both breadth and depth.

The CISSP is a very basic - wide range of knowledge that is slightly
more than paper thick. Degree's all vary. A PG (in general) degree shows
research skills and aptitude. An ability (in probability) of applying
ones self.

I have been in the industry 20 years. A degree was not needed once. This
has changed and the IT profession is becoming more professional. A
combination of skills is needed. Risk and business analytics are more
relevant than ever and it is not likely that you will demonstrate these
without a combination of education and experience.

A degree is structured learning (or at least usually is - until later
levels). There are other ways to obtain an education, but these are more
difficult to put on one's CV.

Regards,
Craig
Dr Craig S Wright, DTh MNSA MMIT CISA CISM CISSP ISSMP ISSAP G7799 GCFA
AFAIM

-----Original Message-----
From: ilaiy [mailto:ilaiy.e () gmail com]
Sent: 26 January 2006 5:04
To: Elizabeth Lewis
Cc: Huang, John, GCM; security-basics () securityfocus com
Subject: Re: University Degree or CISSP

I would say a CISSP is really good to have even though I have a Master,
people are not bothered about the same.

I was not given a job because I did not have a CISSP. It totally depends
on company to company. Some of them think if you have a CISSP you are
good. According to me it really doesnot matter what CERT's you have. It
all boils down to what you know when it comes to security.
Hands on experience is always the best.

./thanks
ilaiy

On 1/24/06, Elizabeth Lewis <e.lewis () infosecurityconsult com> wrote:
> I have a degree in comp. sci. from Purdue University. *Go
> Boilermakers!* and it is extremely valuable to ME, but in the REAL
> WORLD that I live in, when employers ask about my education they ask
> about certs first. They seem to care little about my bachelor's
> degree. They tell me "that's great" then in the same breath they ask
> about certs and experience. It took me 4 years to get the Purdue
> degree. And it is taking me another 4 to prep and get my CISSP, due to

> the 4 years of experience requirement. So in short, it is NOT a crazy
> discussion. You CAN compare the two, they both take 4 years, and they
> both take a lot of dedication to achieve. I know A LOT of people who
> have the degree, but would NEVER make it though a CISSP cert. maybe
you are one of them.  A CISSP is nothing to laugh off. . My advise to
John Huang.
> GET THEM BOTH. You won't regret it.
>
> Elizabeth
>
>
> -----Original Message-----
> From: Ken Kousky [mailto:kkousky () ip3inc com]
> Sent: Tuesday, January 24, 2006 12:38 PM
> To: 'Huang, John, GCM'; security-basics () securityfocus com
> Subject: RE: Re: University Degree or CISSP
>
> This is the craziest conversation I ever heard of - there is NO
> comparison between a REAL degree and CISSP. CISSP is great, valuable
> and vital but it isn't in any way comparable.
>
> Simply put, if you don't have a degree - get one and get the best one
> you can.
>
> -----Original Message-----
> From: Huang, John, GCM [mailto:John.Huang () rbsgc com]
> Sent: Monday, January 23, 2006 1:41 PM
> To: security-basics () securityfocus com
> Subject: RE: Re: University Degree or CISSP
>
> Degree or CISSP? It depends on where you are in life. A degree helps
> you in the door and advancement into a management position usually
> require a college degree. But if you're already in the field and don't

> have a college degree, a CISSP cert is easier to obtain in a shorter
> amount of time, and provide more immediate benefit since you can put
> the things you learn into use.
>
> -----Original Message-----
> From: shyaam () gmail com [mailto:shyaam () gmail com]
> Sent: Friday, January 20, 2006 10:25 PM
> To: security-basics () securityfocus com
> Subject: Re: Re: University Degree or CISSP
>
> Yes,
> Very true. Nothing counts equivalent to experience, but experience
> comes only when someone starts somewhere. I have seen one big thing
> happening around. People in the industries shifted from technology to
> business, that is the point when they lost the security and created
> more loopholes in their own products as they reduced the time needed,
> reduced budgets and spent more on advertisements and marketing.
> How does that reflect on people. They need people already with
> experience. But how is that possible. Everybody needs to start
> somewhere. So experience does count, but I would say some foundation,
> some added qualification and some experience is good for a cool job.
> For a startup job, some degree and some cert is essential.
>
> PS: This is my opinion, I am not pointing out any company or any
> private organization.
>
> -S-
>
> ----------------------------------------------------------------------
> --
> ---
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich

> University program offers unparalleled Infosec management education
> and the case study affords you unmatched consulting experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity
> Planning, Computer Emergency Response Teams, and Digital
Investigations.
> http://www.msia.norwich.edu/secfocus
> ----------------------------------------------------------------------
> --
> -----------------------
> ********************************************************************
>
> This e-mail is intended only for the addressee named above.
> As this e-mail may contain confidential or privileged information, if
> you are not the named addressee, you are not authorized to retain,
> read, copy or disseminate this message or any part of it.
>
> ********************************************************************
>
>
> ----------------------------------------------------------------------
> ----- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The
> Norwich University program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting
experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity
> Planning,
>
> Computer Emergency Response Teams, and Digital Investigations.
>
> http://www.msia.norwich.edu/secfocus
> ----------------------------------------------------------------------
> -----
>
>
> ----------------------------------------------------------------------
> ----- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The
> Norwich University program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting
experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity
> Planning,
>
> Computer Emergency Response Teams, and Digital Investigations.
>
> http://www.msia.norwich.edu/secfocus
> ----------------------------------------------------------------------
> -----
>
>
>
> ----------------------------------------------------------------------
> ----- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The
> Norwich University program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting
experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity
> Planning, Computer Emergency Response Teams, and Digital
Investigations.
> http://www.msia.norwich.edu/secfocus
> ----------------------------------------------------------------------
> -----

------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
University program offers unparalleled Infosec management education and
the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning, Computer Emergency Response Teams, and Digital Investigations.


http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------