Security Basics mailing list archives
RE: CISSP Question
From: "David Harley" <david.a.harley () gmail com>
Date: Sat, 12 May 2007 11:11:48 +0100
You addressed the issues with your research and provided links.
Thanks. It so happens I wrote a chapter section on security certs recently, so it didn't take a lot of research. :)
"a valued credential awarded in several fields that proves competency upon satisfactory demonstration of particular knowledge and skills."
I'd say knowledge and/or skills, perhaps, but that's a reasonable working definition.
can agree that a certification is implying to the hiring company that the holder of this certificate is in possession of at least a minimum level of skill and knowledge. That the employer can reasonably expect that the holder of this certificate will be able to perform to this minimum level without any extra training, or otherwise expenditure incurred upon by the company.
I think I agree with your underlying premise, but not the way you've expressed it. There are scenarios where you would take on someone who can't do the job right now, because they have attributes (which might include certification) that convince you that it's worth giving them training (or time to self-train.) For example, in a package they don't at present have adequate knowledge of.
The GIAC, SANS Institute and SANS Technology Institute are different Trade name as is pointed out in the link you provided.
Whoa! I'm the last person to "defend" SANS. I respect some of their work, and some of their associates are first-class people. I've also been sharply critical, sometimes publicly, and I don't think I'd be Alan Paller's first choice as their "advocate." So I'll make one or two general points and let it go. * There are many instances in education in general, never mind IT where the body that awards some form of certification (degree, diploma, certificate etc) is also the body (or part of the body) that does the teaching. There may be scope for abuse there, but you'd see enormous holes in current educational systems if it suddenly became compulsory to introduce complete separation. What's more, I could certainly point you to instances where complete separation between teaching establishments and examining bodies fails to dispel doubts about the system, but that won't interest this list. * I commend your painstaking research into SANS, but what you're telling me doesn't disprove their honesty, competence or ethical standards. And I only said they had some degree of separation: there's no suggestion that they aren't allied, from me, their web pages, or anywhere else.
Moving on, certification prices. They are more expensive then they need to be. That is my view, though some believe that it is a fair and decent price. I believe that it can be much cheaper, and the only reason that it isn't is because of obvious greed, and not out of operating costs.
I'm not privy to the details of SANS or (ISC)2 finances. I can't possibly comment on the accuracy or otherwise of your conjectures. And I don't want to get snagged on this sort of debate. -- David Harley CISSP, Small Blue-Green World Security Author/Editor/Consultant/Researcher AVIEN Guide to Malware: http://www.smallblue-greenworld.co.uk/pages/avienguide.html Security Bibliography: http://www.smallblue-greenworld.co.uk/pages/bibliography.html
Current thread:
- RE: CISSP Question, (continued)
- RE: CISSP Question David Gillett (May 10)
- RE: CISSP Question David Harley (May 10)
- RE: CISSP Question Eric Zatko (May 10)
- RE: CISSP Question Ruiz, Michael S. (Security) (May 10)
- RE: CISSP Question David Gillett (May 10)
- RE: CISSP Question Craig Wright (May 10)
- RE: CISSP Question April Carson (May 10)
- RE: CISSP Question Simmons, James (May 10)
- RE: CISSP Question David Harley (May 11)
- RE: CISSP Question Simmons, James (May 14)
- RE: CISSP Question David Harley (May 14)
- RE: CISSP Question Craig Wright (May 14)
- RE: CISSP Question Simmons, James (May 15)
- RE: CISSP Question David Harley (May 15)
- RE: CISSP Question Simmons, James (May 15)
- Re: CISSP Question Florian Rommel (May 15)
- RE: CISSP Question David Harley (May 16)
- RE: CISSP Question Ken Kousky (May 16)
- RE: CISSP Question David Harley (May 16)
- RE: CISSP Question Ken Kousky (May 16)
- RE: CISSP Question David Harley (May 16)