Full Disclosure mailing list archives
RE: CISSP Test
From: "DAN MORRILL" <dan_20407 () msn com>
Date: Wed, 23 Mar 2005 16:14:00 +0000
I think in reading the multiple threads on this issue, there there are a number of perspectives on the value of the CISSP.
What was most interesting was the CEO's perspective. Since the CISSP is a boot camp, and the SANS is bootcampable in the longer run with the removal of the practicle. The real question is working towards a certificate that demonstrates ability to work in the security arena, one that is really hard to get, and one that really tests the ability to do the work.
While CISSP and SANS are great to have as a resume filter, it does not imply that anyone with either certificate to their name can actually do the work. What I am seeing is that many people are going for these, and have them, but had them a result from an IDS system, or ask them to do a security design for either a network or a chunk of code, the ability to actually perform the task is not there, even though they have the certificate.
Personally, I believe the community needs something, certificate, degree, internship, what ever, that actually means you can perform competently in the security arena. That there is a skill set there that the entire community agree's upon is the minimum recommended skill set to work in this field. If we had something like that, then any school that is pumping out Bachelors of Information Security folks would have a standard. Anyone building a bootcamp or certificate program would have an agreed upon community standard to work with.
ISC2, ISSA, WSA, SANS, et al. Could build a board in conjunction with the community, develop the minimum qualifications to work in the field, and actually accomplish something once they have been certified or degreed. NSA has been hugely successful in developing security schools through James Madison, Boise, et al. But they have to agree to and teach to the minimum standard that NSA has put together to meet the needs that NSA has identified.
I think until we as a community agree upon a minimum standard, apply it consistantly across the board much like doctors, lawyers, social workers, and other degreed or licensed professionals, we will continue to have this debate until the house burns down. As security professionals, as security folks, we have the same ability to either do good, or do harm as any other profession does. We need to understand this, and begin working towards skill sets either certificate or degree that actually mean something useful at the end of the day.
My thoughts, flames invited. r/ DanSometimes MSN E-mail will indicate that the mesasge failed to be delivered. Please resend when you get those, it does not mean that the mail box is bad, merely that MSN mail is over worked at the time.
From: "Clement Dupuis" <cdupuis () cccure org> To: <robert () dyadsecurity com>,"'Vladamir'" <wireless.insecurity () gmail com> CC: full-disclosure () lists grok org uk Subject: RE: [Full-disclosure] CISSP Test Date: Wed, 23 Mar 2005 06:45:47 -0500 Robert E. Lee wrote:"SANS programs have little to do with security. I'm glad they changed theirpolicy. They seem more honest now." Good day Robert, Honesty is a very neat goal to achieve, however it has many facets. I lately learned (under all reserve, please correct me if you know otherwise) that SANS no longer has any NON PROFIT portion left. They used to be registered as a non-profit entity in the state of Maryland but it seems that it was dissolved. Technically we could say there is no SANS Institute left anymore as we knew it on the non profit side. After they dissolve SANS they created a FOR PROFIT corporation called ESCAL which registered the names used in the non-profit as trademarks for their new for profit organization. Even thou you see the name GIAC and SANS being used everywhere, they are all trademark (not organizations) of the new privately owned company.Principals at SANS have NEVER claimed to be non-profit, it is a myth that wethe people that have been dealing with SANS for a long time (since the timethey were non profit) have been propagating. We have been keeping this myth alive simply because we did not know any better and we did not know that thenon-profit was dissolved. It was done without any noise or public announcement to the people that were already certified.So they NEVER lied but they never went to any length to inform people of thereal and current status of their corporation activity. Most people think that GIAC is non profit which is not the case anymore and this better explains the decision of dropping the practical requirement: it does not generate money and it is not a good business decision to keep something alive that will become a drain on the bottom line. Which is a bit contraryto the reason given of improving the overall state of the security community:-) Take care Clement _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_________________________________________________________________Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: CISSP Test, (continued)
- Re: CISSP Test Vladamir (Mar 22)
- Re: CISSP Test Wade Woolwine (Mar 22)
- Re: CISSP Test J.A. Terranson (Mar 22)
- Re: CISSP Test Vladamir (Mar 22)
- Re: CISSP Test robert (Mar 22)
- Re: CISSP Test vulcanius (Mar 22)
- Message not available
- Re: CISSP Test vulcanius (Mar 22)
- Re: CISSP Test vulcanius (Mar 22)
- Re: CISSP Test Vladamir (Mar 22)
- Re: CISSP Test Vladamir (Mar 22)
- RE: CISSP Test Clement Dupuis (Mar 23)
- RE: CISSP Test DAN MORRILL (Mar 23)
- Re: CISSP Test Vladamir (Mar 23)
- Re: CISSP Test David Chastain (Mar 22)
- Re: CISSP Test srenna (Mar 22)
- Re: CISSP Test Exibar (Mar 22)
- RE: CISSP Test David Chastain (Mar 22)