Secure Coding mailing list archives
CSSLP
From: lists at ticm.com (Bret Watson)
Date: Tue, 24 Mar 2009 21:14:56 +0900
Although point entry is tedious, it keeps the cert honest. Youcan't spend 3years converting oxygen into CO2 and remain certified. You actually have to do a few things. A CISSP person who has renewed once or twice is quite different from someone who has passed the exam after a cramsession. Someonewho certified once and lets their certification lapse is indistinguishable from the marginally-qualified candidate who crammed, passed, but ultimately couldn't maintain their cert.
OK I'll bite... 1. entering the CPE points was the drag - the interface was horrible and slow. 2. I didn't do a cram session - after 12 years as a it security manager I passed it in 40 minutes (and I had actually been through the questions three times by then) 3. To be honest I didn't expect otherwise - the exam was intended to certify people with the appropriate experience - originally, then someone found out what a money spinner it was to run cram schools for it since the questions are multiple choice - that is where the value of CISSP was lost. To me having a CISSP is a good measure when I'm looking for a mid-level consultant, not a junior. If the mid-level consultant doesn't have the CISSP - then good chance they are padding their experience. However if they renew it - I just consider their last company was willing to fund it. I find certifications are useful for two things only 1. it proves you can pass the exam, no matter that you went to the cram school or not - something must have stuck. 2. HR likes it because its easy to filter resumes Without the experience - someone with a cert is like someone with a degree - no experience to be able to convert knowledge into practice. Of course certs with real practical exams are something else - I'll pay them any day. SANS, CISCO, MS all have these and they have real value - you can't cram for them and they actually test your ability to extrapolate from your knowledge into the real world. Cheers Bret
Current thread:
- Announcing LAMN: Legion Against Meaningless certificatioNs, (continued)
- Announcing LAMN: Legion Against Meaningless certificatioNs Benjamin Tomhave (Mar 19)
- Announcing LAMN: Legion Against Meaningless certificatioNs Jeremy Epstein (Mar 19)
- Announcing LAMN: Legion Against MeaninglesscertificatioNs Tom Brennan - OWASP (Mar 19)
- Announcing LAMN: Legion Against Meaningless certificatioNs Paco Hope (Mar 19)
- Announcing LAMN: Legion Against Meaningless certificatioNs Joe Teff (Mar 20)
- Announcing LAMN: Legion Against Meaningless certificatioNs Bret Watson (Mar 21)
- Announcing LAMN: Legion Against Meaningless certificatioNs Benjamin Tomhave (Mar 21)
- Announcing LAMN: Legion AgainstMeaningless certificatioNs Jim Manico (Mar 21)
- CSSLP Paco Hope (Mar 23)
- CSSLP Rob Floodeen (Mar 23)
- Message not available
- CSSLP Bret Watson (Mar 24)
- Announcing LAMN: Legion Against Meaningless certificatioNs Joe Teff (Mar 20)
- Announcing LAMN: Legion Against Meaningless certificatioNs Benjamin Tomhave (Mar 19)
- Announcing LAMN: Legion Against Meaningless certificatioNs Gary McGraw (Mar 23)