Full Disclosure mailing list archives

Re: Training & Certifications


From: "Exibar" <exibar () thelair com>
Date: Mon, 5 Apr 2004 16:46:05 -0400

The person that Laura spoke to was mistaken; right from their website, it
states:

In the interim, (ISC)2 Services, 2494 Bayshore Boulevard, Suite 201,
Dunedin, FL 34698 USA, PH: 1.888.333.4458, FX: 1.727.738.8522, will continue
to respond to any employer requests for (ISC)2 credential holder
verifications. Such requests must be in writing on the employer's company
letterhead and a release signature from the CISSP/SSCP must be included in
the request.

That's found here: https://www.isc2.org/cgi/directory.cgi

  Exibar


----- Original Message ----- 
From: "Ron DuFresne" <dufresne () winternet com>
To: "Dave Howe" <DaveHowe () cmn sharp-uk co uk>
Cc: "Email List: Full Disclosure" <full-disclosure () lists netsys com>; "Laura
Taylor" <ltaylor () relevanttechnologies com>
Sent: Monday, April 05, 2004 2:16 PM
Subject: Re: [Full-disclosure] Training & Certifications



[orig snipped]

This was recently posted to the firewall wizards list, and relates to this
topic;

From: Laura Taylor <ltaylor () relevanttechnologies com>
Subject: RE: [fw-wiz] Seeking input: Research Proposal: "Is a third
    position possible?"
Cc: firewall-wizards () honor icsalabs com
Date: Fri, 2 Apr 2004 10:30:33 -0500
To: 'Crispin Cowan' <crispin () crispincowan com>,
     "'Holt, Philip'" <holtp () seattleu edu>

Something curious to know about CISSP is this....

I was thinking of hiring a person with a CISSP and called up ISC2 to
verify if they really were a CISSP. ISC2 told me that they never verify
if anyone
is a CISSP as it is an invasion of the person's privacy. I then asked them
how could I know for sure if this person really was a CISSP and told them
that the person was not listed in the CISSP database on the ISC2 web site.
They then told me that not all CISSPs are listed in the database because
some don't want to be listed. They told me that the only way to verify if
a person is a CISSP is to ask them for their certificate. I then asked
them if all certificates look exactly alike and can they tell me how to
know if a certificate is authentic. I was told that all certificates do
not look exactly alike and that they have changed their look over the
years so there is no way to know if a particular certificate is real or
not.

After much discussion, it became clear that they were not willing to
verify if anyone is a CISSP, and that there was no way for anyone to
really verify this information unless the person chooses to be listed in
the database on the ISC2 web site. I told them that in my opinion their
process for certification was not consistent with the concept of "trust,
but verify" and I ended up not hiring the person I had originally
interviewed.

If a certification cannot be verified, to me it is worthless. I'd rather
hire an MCSE because Microsoft is willing to verify all their
certifications.

The philosophies and ethics of 2600 could possibly be questionable, but I
dare say that ISC2 is not at all the organization that I once thought it
to be.

Laura




Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


