Firewall Wizards mailing list archives

Re: CISSP

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 28 Nov 2001 12:53:43 -0500 (EST)




On Tue, 27 Nov 2001, Jody C. Patilla wrote:

        [SNIP]

If I were
running an organization which made money from certifications, I'd probably
be promoting the value of certification very loudly.

And they are.  I responded to this recent posting in the securityfocus
jobs forum:

        Meritt James wrote:

        > "According to a recent report from online certification company
        > Brainbench, disaster-recovery and network-security skills are scarce
        > within the IT workforce."
        >
        > ................
        >
        > Full article at http://www.informationweek.com/story/IWK20011121S0015
        > --

from the article:

        By analyzing the 4.5 million online tests and certifications taken on
        the Brainbench site during the last 12 months, the firm's Cyber 
        Defense IQ Report shows disaster recovery and planning, with only
        111 certified professionals in the nation, to be the weakest of
        the five skill sets analyzed. "With disaster recovery, the truth
        is everyone thinks someone else is doing it," says Mike Russiello,
        Brainbench's president and CEO.

interesting 'study' they preformed, great marketing hype for them also.
But, it's an old rant, not really supported by the IT industry.  Face
it, companies are not really into security as of yet.  Sure many are
putting up perimiter defenses, and yet, howmany are really securing their
exposed web and mail systems?  How many find their DNS servers hacked  to
pieces weekly?  And even the US government is sorely lacking in any real
sense of dealing with securing their systems, just look at the GAO reports
on government sites for the past two  to three years.  It's surprising how
few comapnies really take security seriously untill they are hit in the
backside, and then it's a battle all the way to the desktop to impliment
polices and get the employees to comply.  One of the most common rants
in the firewalls related lists is: "how do I stop our users from breaking
our policy and doing this nasty thing on the internet/web". Implying
that there is no real buy in and support from upper mgt in implimentation.
It's a pity, but, it's a fact.

Thanks,

Ron DuFresne

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

RE: CISSP robert_david_graham (Nov 26)
- Re: CISSP t (Nov 27)
  - Re: CISSP Jody C. Patilla (Nov 28)
    - Re: CISSP R. DuFresne (Nov 28)
    - RE: CISSP Jeff Brown (Nov 28)
- <Possible follow-ups>
- RE: CISSP Gibson, Brian (Nov 27)
- RE: CISSP Baumann, Sean C. (Nov 27)
  - RE: CISSP R. DuFresne (Nov 28)
    - RE: CISSP Peter Lukas (Nov 28)
- Re: CISSP Bill_Royds (Nov 28)
- RE: CISSP Baumann, Sean C. (Nov 28)
- RE: CISSP Paris Stone (Nov 29)
- RE: CISSP R. DuFresne (Nov 29)
- RE: CISSP kstephe6 (Nov 29)

(Thread continues...)