Penetration Testing mailing list archives
Re: My Frustrations
From: Pete Herzog <lists () isecom org>
Date: Sat, 20 Dec 2008 10:05:10 +0100
Second, the number of times you see these questions come from 'certificed' professionals is silly. I frequently get forwards from lists full of CISSPs that post this kind of question, begging the world to wonder why anyone thinks that certification holds water. If not certified, from
Nowhere does an official statement stand that a CISSP is qualified to do security testing or security analysis. This is a market faux-pas. Who it was initiated by, I can guess. But the fact of the matter is that we shouldn't get down on CISSP carriers for being bad testers or analysts because the certification doesn't claim that they can be. The market is slowly realizing that it's not. It's the individuals that haven't realized it yet. They spent a lot of money, time, resources towards entering the profession and they want it to be worth something.
The closest I've seen to what a CISSP is supposed to be able to do is here: http://www.isc2.org/cissp-why-certify.aspx
------------------------------------------------------------------- Benefits of Certification to the Professional * Demonstrates a working knowledge of information security * Confirms commitment to profession * Offers a career differentiator, with enhanced credibility and marketability * Provides access to valuable resources, such as peer networking and idea exchange -------------------------------------------------------------------Nowhere does it show specialization or anything more than apparently a football fan would have for the game of football. We need to stop knocking the CISSP people and just understand they're mostly infosec fans who want to be more in the game. Next step, show them how to get good before they do any damage.
This is the reason why ISECOM offers the OPST, OPSA, OWSE, and OPSE-- not to supplant the other certifications but to foster the skills and abilities of those who want to be more than good in their fields- they want to have the right answers.
Sincerely, -pete. -- Pete Herzog - Managing Director - pete () isecom org ISECOM - Institute for Security and Open Methodologies www.isecom.org - www.osstmm.org www.hackerhighschool.org - www.isestorm.org ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- RE: My Frustrations, (continued)
- RE: My Frustrations Erin Carroll (Dec 19)
- Re: My Frustrations H D Moore (Dec 18)
- Re: My Frustrations Nick Besant (Dec 18)
- RE: My Frustrations THOMAS, DEDRIC (ATTCLSMA) (Dec 18)
- Re: My Frustrations Nick Besant (Dec 18)
- Re: My Frustrations security curmudgeon (Dec 18)
- Re: My Frustrations Adriel T. Desautels (Dec 18)
- RE: My Frustrations suess13 (Dec 19)
- Re: My Frustrations Adriel T. Desautels (Dec 19)
- RE: My Frustrations Alex Eden (Dec 19)
- RE: My Frustrations Nick Vaernhoej (Dec 19)
- Re: My Frustrations Adriel T. Desautels (Dec 18)
- Re: My Frustrations Pete Herzog (Dec 20)
- Message not available
- Re: My Frustrations Pete Herzog (Dec 21)
- RE: My Frustrations Shenk, Jerry A (Dec 18)
- Re: My Frustrations tony_l_turner (Dec 18)
- Re: My Frustrations Adriel T. Desautels (Dec 19)
- Re: My Frustrations Roman Medina-Heigl Hernandez (Dec 23)
- Re: My Frustrations Adriel T. Desautels (Dec 23)
- Re: My Frustrations Roman Medina-Heigl Hernandez (Dec 23)