RE: CISSP Question

["Craig Wright" <Craig.Wright () bdo com au>]

Buying a router for home practice would lower your chances if I am in the Interview.
 
First, we have the economics. A router simulator (such as Boson) is less expensive and offers just as much and also 
maps to Cisco (and other) exams and tutorials. Thus there is a manner of testing the skills. Thus you have not 
demonstrated a good financial knowledge and thus are less likely to make well informed project decisions.
 
Next a home router is limited to the extreme. It is a single router, OSPF, VRRP etc are not generally feasible. There 
is no way to learn and understand on a simple home router. You are unlikely to wipe and start again as often. I could 
go on.
 
A simulator does far more. So this would be the proverbial next the minute you decide to mention it.
 
Regards,
Craig



Craig Wright
Manager of Information Systems

Direct +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
www.bdo.com.au

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

The information in this email and any attachments is confidential.  If you are not the named addressee you must not 
read, print, copy, distribute, or use in any way this transmission or any information it contains.  If you have 
received this message in error, please notify the sender by return email, destroy all copies and delete it from your 
system. 

Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls.  
You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or 
Director of BDO Kendalls.  It is your responsibility to scan this communication and any files attached for computer 
viruses and other defects.  BDO Kendalls does not accept liability for any loss or damage however caused which may 
result from this communication or any files attached.  A full version of the BDO Kendalls disclaimer, and our Privacy 
statement, can be found on the BDO Kendalls website at http://www.bdo.com.au or by emailing administrator () bdo com au.

BDO Kendalls is a national association of separate partnerships and entities.

________________________________


From: listbounce () securityfocus com on behalf of April Carson
Sent: Thu 10/05/2007 10:46 PM
To: david.a.harley () gmail com; Simmons, James; Yousef Syed
Cc: security-basics () securityfocus com
Subject: RE: CISSP Question



Good points. However if someone was going to invest money into their
skills, I would be more impressed with someone who purchased a router
and set one up at home. This shows initiative, drive and a willingness
to learn.

Just because I have a drivers license and drive fast does not mean I am
a racecar driver. Someone who hammered through a boot camp to get the
certification but never put his or her hands on the equipment may not be
a skilled network administrator or security specialist. They might just
be someone who can memorize a large amount of information.

Ultimately, I believe you should find the job you want to have and
research what THEY require. If they want a degree and you get a
certification then perhaps you wasted your time. I do not believe there
is a hard and fast answer to this discussion of degree vs.
certification.

However, the discussion was interesting and fun!

As always,
-April

-----Original Message-----
From: David Harley [mailto:david.a.harley () gmail com]
Sent: Thursday, May 10, 2007 5:10 AM
To: April Carson; 'Simmons, James'; 'Yousef Syed'
Cc: security-basics () securityfocus com
Subject: RE: CISSP Question

> "I stand on the belief that you should not have to spend tons
> of money to prove your worth."
>
> PERFECT!!

Indeed. But it's an ideal, not real life.

Forget the security Certs. Most of us are, in the job market and
elsewhere,
to some extent defined by our qualifications, from school level
certifications to first and higher degrees, to all manner of vocational
qualifications. And they nearly all cost money. Of course, we don't
always
spend our own money on them: I don't think I've ever spent my own money
on a
vocational qualification, or even . I realize that some people do (for
instance, to break into an area where they aren't already working for
someone who's prepared to help them with professional development) and I
think it's unreasonable to suggest that they shouldn't commit money,
time
and effort into self-development. The point, though, is that most
qualifications cost someone money, and some of them cost a lot more than
CISSP, GIAC etc. But they're an attempt (however imperfect) to measure
baseline ability by objective criteria. If you're saying that we should
assess others purely by our own instincts and abandon all attempts to
assess
objectively, you must have more faith in the human race than I do.

As for the cost issues, let's remember that it's not cheap to implement
certs, supply training for them, design and implement testing, and so
on. In
other words, certifying bodies don't work for free, though not all are
for-profit and keep costs down by using certified volunteers, for
example. 

Mr Simmons, I don't use those letters after my name to "prove" that I'm
"important next to others". I use them (sometimes) because some
customers,
publishers etc. find it reassuring that I've signed up to a baseline
level
of professional development and ethical standards in the field in which
I
work. It helps that unlike most of the vocational certs I've picked up
over
the years, they compress to an acronym that doesn't bloat my signature.
Since I am not "validated" by an impressive job title or affiliation
with a
major corporation, they give a very, very slight indication of where I
am in
the foodchain. But they don't prove I'm not an idiot. :)

--
David Harley CISSP, Small Blue-Green World
Security Author/Editor/Consultant/Researcher
AVIEN Guide to Malware:
http://www.smallblue-greenworld.co.uk/pages/avienguide.html
Security Bibliography:
http://www.smallblue-greenworld.co.uk/pages/bibliography.html





This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or 
entity to whom they are addressed. If you are NOT the intended recipient or the person responsible for delivering the 
e-mail to the intended recipient, be advised that you have received this e-mail in error and that any use, 
dissemination, forwarding, printing or copying this e-mail is strictly prohibited.