RE: Life After CISSP?

[Joey Peloquin <jpelo1 () jcpenney com>]

> > I am also a CISSP.  How does asking a group of security 
> > professionals their experience after the cert, career, and 
> > salary advice, lead you to express to the entire list that he 
> > doesn't have the required experience for the exam?

For you, and any others with the same question, I submit my offlist reply to
his offlist response:

-- Begin --
http://search.securityfocus.com/swsearch?query=J.+Yoon&sbm=archive%2F105%2F&;
submit=Search%21&metaname=author&sort=swishrank

Indeed, the majority of your posts were about XP.  Being a mostly
self-taught security practitioner myself, I can relate with you learning on
your own.

I tend to be a blunt and open person, so I'll give it to you straight, no
offense intended.

Looking at the type of questions you asked (All of the XP questions you
asked can be found via a google search.), gave me the perception that you
were a complete newbie, unwilling or unable to do his own research.  

No doubt, it looks like you have put some time in "on-the-job", but I expect
people with as much experience as you say you have to know how to find
answers to their questions (yes, that can mean a list, after all other
options are exhausted).  There's a great paper I like to link occasionally
that discusses this topic
[http://www.catb.org/~esr/faqs/smart-questions.html].

Understand, there are people out there who've had their CISSP for years.
There are also new CISSPs out there who have put 10, 20, even 30 years into
the information security field.  *You* are a CISSP now, and a great
responsibility comes with those letters.  You should be leading by example,
compiling research and making it available to newbies and colleagues,
fielding tough questions, and solving problems.  

Basically, what I'm saying is you have a repsonsibility to help the CISSP
retain its credibility.  ALL of you do; from what I've read, it's already
too easy to pass the exam, and it is in danger of going the way of the MCSE
(pitiful waste of time getting that cert).

NOT asking simple questions you can find the answer to yourself with 30
minutes or less and a browser is part of that responsibility.
-- End --

> > I would also like to know about "other" peoples experience 
> > after they got certified.

Agreed, it would be interesting reading, but IMO, security-basics wouldn't
be the proper forum.  If I wanted to know such information, I'd be looking
at http://www.cissp.com/digiposts/DigiPosts?site=1.

I don't want to batter the list with any more of this, I spoke my mind, if
anyone disagrees or has a problem with it, take it up with me offlist.

Joey Peloquin

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  If the reader of this message is not the intended recipient,
you are hereby notified that your access is unauthorized, and any review,
dissemination, distribution or copying of this message including any
attachments is strictly prohibited.   If you are not the intended
recipient, please contact the sender and delete the material from any
computer.

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------