Penetration Testing mailing list archives
Re: CISSP
From: "Michael Krzeszkowski" <michaelk () infosecsolutions com au>
Date: Tue, 5 Dec 2006 20:05:43 +1100
All,
I keep hearing and reading the same old obtuse and ridiculous
arguments regarding certifications. A while back I provided my opinion,
which I will share again.
2. Knowledge is one thing whilst experience is another. What peeves me
off is the body of so called professionals who believe they know everything.
I have seen all this before over the past 30 years. It is a combination of
knowledge, experience and diplomacy which succeeds in this industry.
Certification is necessary as is experience. Certification at least
indicates a certain level of capability, knowledge and education (or
training). Experience does not necessarily indicate continued education in
the field as information security changes on a daily basis. What I say to
all the so called "nay sayers" of certification is "get a life and get over
it".
3. Whilst I find it difficult to believe that an eleven year child can
attain the certificate, it is always possible. Any why not as there are
many well educated and smart children in India. One should get all the
facts first before one opens one's mouth.
4. Remember, CISSP is not an in-depth technical certification. If you
want to specialise, then carry out specialist certifications/exams (there
are numerous).
Regards
Michael
InfoSec Solutions Pty Ltd
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of dfullerton () mantor org
Sent: Tuesday, 5 December 2006 6:11 AM
To: pen-test () securityfocus com
Subject: Re: Re: CISSP
Then I wonder if this certification should really have this kind of
notoriety. Looks like it's not technical and if an 11 years old boy can
complete this cert ...it's not about security management experience either.
Anyone can give me some good reason to acquire CISSP while not being related
to money and the wannabe marketing-made notoriety?
Personally I done GCIH and GHTQ, the latest is harder and really related to
penetration testing. I would like some GOOD reason for someone in the
security field for a while and having others, more in deep, technical
certification to go on with CISSP.
Should we glorify such things? Tell me more about the exam, the topics are
quite general and may not be totally in line with the exam and the real
knowledge being certified.
Danny Fullerton
---------------
IT Security Specialist, GCIH GHTQ
http://www.mantor.org/~northox
Mantor Organization
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
0008bOW
------------------------------------------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Current thread:
- RE: CISSP, (continued)
- RE: CISSP Angelacci, Anna M CTR SPAWAR, J616 (Dec 07)
- Re: Re: CISSP R. DuFresne (Dec 19)
- RE: Re: CISSP Mueller, Daniel (NMCI CIRT) (Dec 20)
- RE: CISSP Craig Wright (Dec 04)
- Re: RE: CISSP mr . nasty (Dec 04)
- RE: RE: CISSP Bates, Chris (Dec 05)
- Re: RE: CISSP Tim Shea (Dec 05)
- Re: Re: Re: CISSP mr . nasty (Dec 05)
- Re: CISSP Michael Krzeszkowski (Dec 05)
- Re: CISSP Michael Mooney (Dec 10)
- Re: Re: CISSP shyaam (Dec 20)
- Re: Re: CISSP R. DuFresne (Dec 27)