Dailydave mailing list archives

RE: Security Expert Certificates

From: "Robert E. Lee" <robert () dyadsecurity com>
Date: Fri, 26 Mar 2004 10:30:53 -0800

People who hide behind certs to feel important typically don't know
enough.  I am put off by people who puff themselves up as knowing more
than they do. I have a lot more faith in intelligent people who can
accurately self assess their skill set, admit when they are wrong, and
learn very quickly.

Certifications serve as a baseline of evidence that you know something.
They can be a talking point in interviews, but outside of the interview
room should not be considered something to boast about.  Your projects
and real accomplishments should do your talking for you, or as my dad
would say "It's better to let other people tell you 'you are smart'".

Robert

-----Original Message-----
From: Rodney Thayer [mailto:rodney () canola-jones com]
Sent: Friday, March 26, 2004 7:51 AM
To: dailydave () lists immunitysec com
Subject: Re: [Dailydave] Security Expert Certificates

At 04:25 PM 3/26/2004 +0100, jan.muenther () nruns com wrote:


Having a cert like the CISSP doesn't hurt you personally


I think that in some cases it DOES hurt you.  It says "you
are capable of passing through a mindless selection filter inside
a large organization".  Given no other data than "some security
person with a CISSP", I think that a lot of folks assume "hmmm,
no clue, patience to take the test, way too mellow because they
were able to wrap their brains around the test instead of the
way things really are".  Now I know people who have CISSP's,
and some of them are really good,
but most of the good ones have some other redeeming attribute.
The certification never adds to their rep.

I understand that large organizations use the acronyms as a job
selection filter.  I can imagine that's logical in some situations.
Given a choice between some punk who has Fry's listed on their resume
and claims to know Perl, and some kid in a new suit with a CISSP,
I'd think about hiring the CISSP, sure.

My advice would be to not try to wave it around as street cred ;-)

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave



_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Re: Security Expert Certificates, (continued)
- - - Re: Security Expert Certificates Rodney Thayer (Mar 30)
    - RE: Security Expert Certificates Steve W. Manzuik (Mar 30)
    - Re: Security Expert Certificates jan . muenther (Mar 30)
- Re: Security Expert Certificates Jay D. Dyson (Mar 26)
- RE: Security Expert Certificates Steve W. Manzuik (Mar 26)
- RE: Security Expert Certificates Ken Pfeil (Mar 26)
  - RE: Security Expert Certificates sullo (Mar 26)
- RE: Security Expert Certificates Stephen Scharf (Mar 26)
  - Re: Security Expert Certificates jan . muenther (Mar 26)
    - Re: Security Expert Certificates Rodney Thayer (Mar 26)
    - RE: Security Expert Certificates Robert E. Lee (Mar 27)
- RE: Security Expert Certificates Johnson, Michael1 [IT] (Mar 26)
- Re: Security Expert Certificates Aviv Revach (Mar 26)
- Fwd: Re: Security Expert Certificates Peter Wood (Mar 30)
  - Re: Fwd: Re: Security Expert Certificates jan . muenther (Mar 30)
- Re: Security Expert Certificates Matt Hargett (Mar 30)