Security Basics mailing list archives
RE: CISSP Question
From: "Simmons, James" <jsimmons () eds com>
Date: Wed, 9 May 2007 10:43:56 -0500
Yousef, And that is my point in the whole discussion. It isn't a necessary evil to obtain these certs, and I agree that, on a majority, it will help you get the interview. But this requirement of having a certifications has been highly exaggerated. There are plenty of high level, capable individuals without certifications. So these individuals are being weeded out prematurely because they do not have alphabet soup after their names. What, in my opinion, is the big problem with this is that companies are only looking for those letters, and disregarding most, if not all, others. So what you have are individuals spending (or having to spend) these high prices just to establish a level playing field, instead of spending the time and money actually contributing to the industry. And this is the scenario that I am trying to raise awareness over. It seems counter-intuitive to me on the purpose of certifications. Yes it shows that people are willing, and dedicated, but it is not the only measuring stick. I would rather higher an individual that has the drive to work on projects, and try to accomplish something, on his own then someone who decided that a single cert will give them a leg up on all these others without certs. But, covered in my debate with Craig, depending on how you believe ISC2 will react to your job experience, actual experience may not be guaranteed. I would say the best situation is if you have two individuals that have work on the same degree of projects, have similar experience, and other such measures, the person with the cert will have the upper hand. Of which that is acceptable. I agree with that (though personally I would just interview them both very thoroughly until I have a really good understanding of their technical knowledge). I stand on the belief that you should not have to spend tons of money to prove your worth. And with certification prices these days, that is what you are having to do. Regards, Simmons -----Original Message----- From: Yousef Syed [mailto:yousef.syed () gmail com] Sent: Tuesday, May 08, 2007 5:22 PM To: Simmons, James Cc: security-basics () securityfocus com Subject: Re: CISSP Question Hi James, I can't and won't argue with most of what yousay about certifications - in general, I can't stand them either and often-times I just don't trust them... Unfourtunately, to move on in this industry, many jobs now require some form of certification (often government jobs - atleast that's where I've most commonly seen the requirement). Although, I may know, my collegaues may know, and some of my friends may know that I've been working in security X-number of years and have gained certain levels of experience; a future manager may not know that. That future manager may have to wade through 100 CV/Resumes. To aid himself to sorting the wheat from the chaff he may rely upon a certification (that they "trust") from an independant third-party. Hopefully, that certification is only used to aid the hiring process. If that hiring process is farmed out to morons in HR, then you have a serious problem (and I've already expressed my opinion on HR departments hiring). Much as we'd all love to be hired through our personal network and recommendations (my last two roles have been acquired that way and it is a great way to get work :) ) the realities of life mean that it isn't always the way. The CISSP is just a good way to get your foot in the door (Neither the Manager doing the hiring nor the CISSP should rely upon it, though). In that sence, they are a necessary evil. ys On 08/05/07, Simmons, James <jsimmons () eds com> wrote:
>>Being that they have stated that employment as an Operators etc are not considered as valid experience, I would >>state that I feel that this would be a role where there is some management, design, consulting or other similar >>activity involved. So if you already have 4 years of experience in management, or design,
or consulting, what is the value of the CISSP? You are already doing the job that most people are getting the certification are aiming for.
Now of course this is a majority case, as there are people who get the
cert for other reasons. But this is all my point. http://www.securityfocus.com/archive/105/466897/30/210/threaded Experience in doing the projects, actually getting involved in the industry on your own, is the better way to spend your money then getting a certification. And here we arrive back at the beginning. Regards, Simmons
-- Yousef Syed "To ask a question is to show ignorance; not to ask a question, means you remain ignorant" - Japanese Proverb
Current thread:
- RE: CISSP Question, (continued)
- RE: CISSP Question Simmons, James (May 03)
- Message not available
- RE: CISSP Question Simmons, James (May 07)
- RE: CISSP Question Simmons, James (May 03)
- RE: CISSP Question Elizabeth Tolson (May 04)
- RE: CISSP Question David Harley (May 04)
- RE: CISSP Question Craig Wright (May 07)
- RE: CISSP Question Elizabeth Tolson (May 07)
- RE: CISSP Question David Harley (May 08)
- RE: CISSP Question Craig Wright (May 08)
- CISSP Question Simmons, James (May 08)
- Re: CISSP Question Yousef Syed (May 09)
- RE: CISSP Question Simmons, James (May 09)
- RE: CISSP Question April Carson (May 09)
- RE: CISSP Question David Harley (May 10)
- RE: CISSP Question April Carson (May 10)
- RE: CISSP Question David Harley (May 10)
- RE: CISSP Question April Carson (May 10)
- RE: CISSP Question David Harley (May 10)
- RE: CISSP Question David Gillett (May 10)
- RE: CISSP Question David Harley (May 10)
- Re: CISSP Question Yousef Syed (May 09)
- RE: CISSP Question Eric Zatko (May 10)
- RE: CISSP Question Ruiz, Michael S. (Security) (May 10)