Firewall Wizards mailing list archives

Re: Contract Rates & CISSP or not


From: "Andy Nold" <anold () home com>
Date: Wed, 28 Nov 2001 17:56:46 -0700

Pooh, Pooh Mr. Crispin,
 I've been called a lot of complimentary and derogatory names in my careers
(three and contemplating a change), so repeating claims of "brilliant" and
"innovative" would be misleading, and might be wholly misleading. My
clearest self-imposed label is "mercenary". I've changed career tracks from
investment banking to corporate sales to technology, to match my maturation
in personality, personal time management, and to secure a stable
(lucrative) income.
Getting the CISSP was, IMHO, a project to prove a base level of technical,
security-oriented competence for people that were not capable -without
meeting me personally- of appreciating my potential contribution. I would
offer that you reconsider your position of dismissing CISSPs at face value
since I didn't have a lobotomy as a requirement to take the CISSP exam.
With all respect and consideration,
Andy Nold
CISSP, CCNP, CCDP, MCSE -> with other certifications in other fields ; )
----- Original Message -----
From: "Crispin Cowan" <crispin () wirex com>
To: "Darren Reed" <darrenr () reed wattle id au>
Cc: "R. DuFresne" <dufresne () sysinfo com>; <chiman () hawaiian net>;
<firewall-wizards () nfr net>
Sent: Monday, November 26, 2001 3:08 PM
Subject: Re: [fw-wiz] Contract Rates & CISSP or not


Darren Reed wrote:

One would hope that this would perhaps deter the snake oil security folk
from polluting the waters but there are guarantees in this world besides
death and taxes.

"Death, Taxes, and Imperfect Software: Surviving the Inevitable".
Crispin Cowan, Calton Pu, and Heather Hinton. Presented at the New
Security Paradigms Workshop 1998
<http://www-hsc.usc.edu/%7Eessin/nspw98.html>. Postscript
<http://www.cse.ogi.edu/%7Ecrispin/bugtol.ps.gz> 130 KB, PDF
<http://www.cse.ogi.edu/%7Ecrispin/bugtol.pdf> 92 KB. :-)

A different take on the CISSP issue is this: if people with the same
experience quote for the same job and the person with the CISSP gives
a somewhat higher quote (let's say $10/hr more), is the recruiter going
to go for the CISSP qualified person or the other?  I guess the question
I'm asking here is does the CISSP equate to X$/hr extra when it comes to
the consulting gig and if so, for what value of X ?

Personally, I use CISSP as a filter for who *not* to hire, as in "if
they have a CISSP, I don't hire them". Rationale: we do advanced R&D,
so I'm shopping for brilliance, not competence & willingness to do
drudgery with diligence. The CISSP (hopefully :-) assures a minimum
level of competence, but IMHO the social filter of those who seek such
certification makes them unlikely to be a brilliant innovator.

My position used to be much stronger: that certificates are for poseurs,
give me a real degree or a Bugtraq pedigree, or don't bother. But I've
mellowed in my old age :-)

In summary, I still look at CISSP's (and other certificates that don't
start with "Bachelor's" or similar) as a negative mark, which I'm
willing to overlook if the other factors are strong. I certainly will
not pay extra for it.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
