WebApp Sec mailing list archives

RE: Notes from CISSP class with Dr. Eric Cole


From: <PPowenski () oag com>
Date: Wed, 12 Oct 2005 07:35:14 +0100

Please elaborate on what certification HAS NOT turned into all those
items you cite?
It is the nature of the beast and this industry.

BTW I am a CISSP and worked in the information security field for 20
years before acquiring the CISSP.

Finishing my masters in information security which I also feel is a more
solid foundation in terms of discovering new ideas and overall security
management than being 'certified' in some vendor interpretation of
security or IT for that matter.

The only other group I would pursue in terms of a worthwhile
certification is the SANS series. There are probably others as worthy as
SANS but who has the time to keep track. There develops another problem
and where does it end.

Do you believe any vendor firewall, IDS, IPS, OS Platform certification
enlightens you on overall network security management?





-----Original Message-----
From: dreamwvr [mailto:dreamwvr () dreamwvr com] 
Sent: 11 October 2005 16:51
To: webappsec () securityfocus com
Subject: Re: Notes from CISSP class with Dr. Eric Cole


A pre requisite for getting certified as a CISSP is to have at least 4
years experience in the field of security, in at least one of the domains
covered in the common body of knowledge.

The certification is also non vendor specific, and to say that it is
based on jargon or 'certain terminology' is pure folly.

As far as I am concerned, if you have issues with the certification, it
probably means you haven't got it, or you can't get it. It is doubtful
the censors will allow this to make the list anyways..

IMHO/FWIW the CISSP certification meant well, it really did. However it
has noticeably fleshed out into much less than what was intended, this
I am sure. Don't get me wrong the 10 domains of knowledge are valid.
However, it is a little offensive for someone with say over a decade
plus of security experience in the domains to find this the only
criteria of validation for some. (Shall I say a false sense of security? ;-)

It makes one want to avoid corps that use this as their exclusive skill
validation tool..

It has become largely like the MCSE paper program..
It has become a little mucky muck ..
It has become a cash cow..
[...]


Best Regards,
dreamwvr () dreamwvr com
