Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Security Expert Certificates

From: "Stephen Scharf" <sscharf () atstake com>
Date: Fri, 26 Mar 2004 09:25:34 -0500
I think the real question is why you want them and what are you trying
to achieve in your professional career. If you are a consultant, having
a CISSP can be an advantage when faced with a customer that buys into
the certification hype. It becomes more of a conversation stopper rather
than starter. If a client wants a CISSP then you have filled the void,
if they do not care (as most of them do not), it is usually not even
mentioned in the conversation. It is simply one more tool in your
arsenal for selling yourself. In most cases I would rather have a cert
and not need it, then need a cert and not have it (so sayith the NRA).

It is true that most people who get the CISSP cannot write exploits, but
then again the cert is designed for security management, rather than
security pen testers. Security is a large arena and writing exploits is
only one of the seating sections. If that is the place you want to sit,
and you are not a consultant, then CISSP might not be for you.

-Stephen  

-----Original Message-----
From: dailydave-bounces () lists immunitysec com
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Dave Aitel
Sent: Friday, March 26, 2004 7:45 AM
To: dailydave () lists immunitysec com
Subject: Re: [Dailydave] Security Expert Certificates

*** PGP SIGNATURE VERIFICATION ***
*** Status:   Unknown Signature
*** Signer:   Unknown Key (0xD83C252F)
*** Signed:   3/26/2004 7:44:55 AM
*** Verified: 3/26/2004 9:13:30 AM
*** BEGIN PGP VERIFIED MESSAGE ***

My personal opinion is that they're not worth what you pay for them.
While some employers do value them, I think if you are the type of
person who would get one, you're better off having something like "Can
write exploits" on your resume instead. I also know some employers who
either ignore them completely, or count them against you - and you can
read the old CISSP or GIAC "papers" to see why.

-dave


Aviv Revach wrote:

| Hi,
|
| I started thinking of taking some security exam in order to get a 
| security expert certificate. I surfed the net and came accross CISSP, 
| SSCP, and other certificates (such as Ethical Hacking by
| InfoSec) which force you to take a course..
|
| I wonder if anyone here has one of these certificates and can give me 
| an advice whether it's worth anything.. If you have any 
| recommendations regarding other certificates - I would be glad to hear

| them.
|
|
| Best Regards, Aviv Revach
|
|
| ----------------------------------------------------------------------
|
|
|
| _______________________________________________ Dailydave mailing list

| Dailydave () lists immunitysec com 
| http://www.immunitysec.com/mailman/listinfo/dailydave



*** END PGP VERIFIED MESSAGE ***

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: