Full Disclosure mailing list archives
Re: RES: CISSP Test
From: Vladamir <wireless.insecurity () gmail com>
Date: Wed, 23 Mar 2005 13:52:05 -0500
CCIE is where it's at. I love writing practice tests, but I'm only 20, so what do I know Jose Ribeiro Junior wrote:
Hi Friends,What you think about CCIE certification model, practice and write tests ? I think that is a good model to Security Certifications. But, can you create a practice tests not using especific vendors ? -----Mensagem original----- De: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk]Em nome de Vladamir Enviada em: quarta-feira, 23 de março de 2005 14:23 Para: DAN MORRILL Cc: full-disclosure () lists grok org uk Assunto: Re: [Full-disclosure] CISSP TestVery good points, so.. who wants to start writing to the mentioned organizations about this?DAN MORRILL wrote:I think in reading the multiple threads on this issue, there there are a number of perspectives on the value of the CISSP.What was most interesting was the CEO's perspective. Since the CISSP is a boot camp, and the SANS is bootcampable in the longer run with the removal of the practicle. The real question is working towards a certificate that demonstrates ability to work in the security arena, one that is really hard to get, and one that really tests the ability to do the work.While CISSP and SANS are great to have as a resume filter, it does not imply that anyone with either certificate to their name can actually do the work. What I am seeing is that many people are going for these, and have them, but had them a result from an IDS system, or ask them to do a security design for either a network or a chunk of code, the ability to actually perform the task is not there, even though they have the certificate.Personally, I believe the community needs something, certificate, degree, internship, what ever, that actually means you can perform competently in the security arena. That there is a skill set there that the entire community agree's upon is the minimum recommended skill set to work in this field. If we had something like that, then any school that is pumping out Bachelors of Information Security folks would have a standard. Anyone building a bootcamp or certificate program would have an agreed upon community standard to work with.ISC2, ISSA, WSA, SANS, et al. Could build a board in conjunction with the community, develop the minimum qualifications to work in the field, and actually accomplish something once they have been certified or degreed. NSA has been hugely successful in developing security schools through James Madison, Boise, et al. But they have to agree to and teach to the minimum standard that NSA has put together to meet the needs that NSA has identified.I think until we as a community agree upon a minimum standard, apply it consistantly across the board much like doctors, lawyers, social workers, and other degreed or licensed professionals, we will continue to have this debate until the house burns down. As security professionals, as security folks, we have the same ability to either do good, or do harm as any other profession does. We need to understand this, and begin working towards skill sets either certificate or degree that actually mean something useful at the end of the day.My thoughts, flames invited. r/ DanSometimes MSN E-mail will indicate that the mesasge failed to be delivered. Please resend when you get those, it does not mean that the mail box is bad, merely that MSN mail is over worked at the time.From: "Clement Dupuis" <cdupuis () cccure org>To: <robert () dyadsecurity com>,"'Vladamir'" <wireless.insecurity () gmail com>CC: full-disclosure () lists grok org uk Subject: RE: [Full-disclosure] CISSP Test Date: Wed, 23 Mar 2005 06:45:47 -0500 Robert E. Lee wrote:"SANS programs have little to do with security. I'm glad they changed theirpolicy. They seem more honest now." Good day Robert, Honesty is a very neat goal to achieve, however it has many facets. I lately learned (under all reserve, please correct me if you knowotherwise) that SANS no longer has any NON PROFIT portion left. They usedto be registered as a non-profit entity in the state of Maryland but it seems that it was dissolved. Technically we could say there is no SANS Institute left anymore as we knew it on the non profit side. After they dissolve SANS they created a FOR PROFIT corporation called ESCAL whichregistered the names used in the non-profit as trademarks for their new forprofit organization. Even thou you see the name GIAC and SANS being usedeverywhere, they are all trademark (not organizations) of the new privatelyowned company.Principals at SANS have NEVER claimed to be non-profit, it is a myth that we the people that have been dealing with SANS for a long time (since the time they were non profit) have been propagating. We have been keeping this myth alive simply because we did not know any better and we did not know that thenon-profit was dissolved. It was done without any noise or public announcement to the people that were already certified.So they NEVER lied but they never went to any length to inform people of thereal and current status of their corporation activity. Most people think that GIAC is non profit which is not the case anymore and this better explains the decision of dropping the practical requirement: it does not generate money and it is not a good business decision to keep somethingalive that will become a drain on the bottom line. Which is a bit contrary to the reason given of improving the overall state of the security community:-) Take care Clement _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_________________________________________________________________Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ Esta mensagem pode conter informacao confidencial e /ou privilegiada. Se voce nao for o destinatario ou a pessoa autorizada a receber a mensagem, nao pode usar, copiar ou divulgar as informacoes nela contidas ou tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta mensagem por engano favor avise imediatamente ao remetente respondendo o e-mail e em seguida apague-o. Agradecemos sua cooperacao
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RES: CISSP Test Jose Ribeiro Junior (Mar 23)
- Re: RES: CISSP Test Vladamir (Mar 23)
- Re: RES: CISSP Test SecurityLSI (Mar 26)
- Re: [OT] CISSP Test Anders Langworthy (Mar 26)
- Re: RES: CISSP Test R Mondesir (Mar 29)
- Re: RES: CISSP Test DAN MORRILL (Mar 29)
- Re: RES: CISSP Test J. Oquendo (Mar 29)
- Re: RES: CISSP Test SecurityLSI (Mar 26)
- Re: RES: CISSP Test Vladamir (Mar 23)