RE: Re: University Degree or CISSP

["Hytham Abu-Safieh" <hytham () rogers com>]

I too believe that skill and experience in the real world are what truly
define an individual from the rest of the pack.  Going to school, reading a
book means very little to me as I want to be able to see what it is you are
capable of performing in a real world scenario.  Show me your skill, show me
your aptitudes ... wonderful, you can read a book and answer multiple choice
- I honestly don't care.  I don't care if you can study for 22 hours
straight and write an exam and acquire a score in the top 2%.  I don't care.
The real world dictates that comprehension of a particular situation
requires you, the techie, the capability to adapt quickly when the need
arises.  You no longer have 22 hours to study an issue; you now have 10
minutes max to identify my current risk and mitigate my financial losses.  

If I'm going to be paying an individual a healthy six figure salary as a FTE
or at minimum $75/hour as a contractor, your pretty little certifications
bear next to no relevance in my dictatorship :)

I believe that all technical interviews should be conducted using whiteboard
scenarios and a real life lab.  That, IMO, is one of the best ways to test
how useful those pretty little acronyms at the end of your candidates name
are.

-Hytham

PS If you can't tell, this is a touchy subject for me.  I'm tired of people
boasting about certs they have, but lack the basic ability to identify and
understand a 3-way handshake in a sniffer trace.  I've had the pleasure to
work with some unique individuals unfortunately.



-----Original Message-----
From: FocusHacks [mailto:focushacks () gmail com] 
Sent: Saturday, January 28, 2006 9:43 PM
To: J Q
Cc: ilaiy; Huang, John, GCM; security-basics () securityfocus com
Subject: Re: Re: University Degree or CISSP

To chime in, Certificates basically show that you know how to study.
There are a few certs that really really make you work for it, but
honestly, CISSP isn't one of them.  College degrees don't mean a lot
either in the security industry.  All they do is earn some respect,
and can often leverage your entry-level salary a bit higher.

I've seen CISSP's that couldn't perform an accurate assessment for
anything, much less be a competent pen-tester.  I'm talking
script-kiddie "let's run some quick tools and get out" stuff.  I've
also seen CISSP's that were awesome at a great many things.  Same with
college degrees, same with any certificate.

In the end, this industry is based on proof.  If you don't stack up,
you won't make it very far.  Lots of titles behind your name and lots
of gold stars on your resume will get people to notice you.  You'd
better have the skills and experience to back it up, though, or else
you'll get kicked to the curb with the quickness.

On 1/26/06, Elizabeth Lewis <e.lewis () infosecurityconsult com> wrote:
> I have to say I agree. Nothing beats hands on experience. I just felt the
> need to defend the cert because I am currently working on getting my
CISSP.
> :)
> And a college education will benefit you until the day you die. The CISSP
> does not have the same benefit, but it does not hurt to have it.  (at
least
> I hope not , or im wasting some valuable time trying to get it. :)
>
> Have a good one.
> Elizabeth
>
>
>
> -----Original Message-----
> From: ilaiy [mailto:ilaiy.e () gmail com]
> Sent: Thursday, January 26, 2006 1:04 AM
> To: Elizabeth Lewis
> Cc: Huang, John, GCM; security-basics () securityfocus com
> Subject: Re: Re: University Degree or CISSP
>
> I would say a CISSP is really good to have even though I have a
> Master, people are not bothered about the same.
>
> I was not given a job because I did not have a CISSP. It totally
> depends on company to company. Some of them think if you have a CISSP
> you are good. According to me it really doesnot matter what CERT's you
> have. It all boils down to what you know when it comes to security.
> Hands on experience is always the best.
>
> ./thanks
> ilaiy
>
> On 1/24/06, Elizabeth Lewis <e.lewis () infosecurityconsult com> wrote:
> > I have a degree in comp. sci. from Purdue University. *Go Boilermakers!*
> and
> > it is extremely valuable to ME, but in the REAL WORLD that I live in,
when
> > employers ask about my education they ask about certs first. They seem
to
> > care little about my bachelor's degree. They tell me "that's great" then
> in
> > the same breath they ask about certs and experience. It took me 4 years
to
> > get the Purdue degree. And it is taking me another 4 to prep and get my
> > CISSP, due to the 4 years of experience requirement. So in short, it is
> NOT
> > a crazy discussion. You CAN compare the two, they both take 4 years, and
> > they both take a lot of dedication to achieve. I know A LOT of people
who
> > have the degree, but would NEVER make it though a CISSP cert. maybe you
> are
> > one of them.  A CISSP is nothing to laugh off. . My advise to John
Huang.
> > GET THEM BOTH. You won't regret it.
> >
> > Elizabeth
> >
> >
> > -----Original Message-----
> > From: Ken Kousky [mailto:kkousky () ip3inc com]
> > Sent: Tuesday, January 24, 2006 12:38 PM
> > To: 'Huang, John, GCM'; security-basics () securityfocus com
> > Subject: RE: Re: University Degree or CISSP
> >
> > This is the craziest conversation I ever heard of - there is NO
comparison
> > between a REAL degree and CISSP. CISSP is great, valuable and vital but
it
> > isn't in any way comparable.
> >
> > Simply put, if you don't have a degree - get one and get the best one
you
> > can.
> >
> > -----Original Message-----
> > From: Huang, John, GCM [mailto:John.Huang () rbsgc com]
> > Sent: Monday, January 23, 2006 1:41 PM
> > To: security-basics () securityfocus com
> > Subject: RE: Re: University Degree or CISSP
> >
> > Degree or CISSP? It depends on where you are in life. A degree helps you
> > in the door and advancement into a management position usually require a
> > college degree. But if you're already in the field and don't have a
> > college degree, a CISSP cert is easier to obtain in a shorter amount of
> > time, and provide more immediate benefit since you can put the things
> > you learn into use.
> >
> > -----Original Message-----
> > From: shyaam () gmail com [mailto:shyaam () gmail com]
> > Sent: Friday, January 20, 2006 10:25 PM
> > To: security-basics () securityfocus com
> > Subject: Re: Re: University Degree or CISSP
> >
> > Yes,
> > Very true. Nothing counts equivalent to experience, but experience comes
> > only when someone starts somewhere. I have seen one big thing happening
> > around. People in the industries shifted from technology to business,
> > that is the point when they lost the security and created more loopholes
> > in their own products as they reduced the time needed, reduced budgets
> > and spent more on advertisements and marketing.
> > How does that reflect on people. They need people already with
> > experience. But how is that possible. Everybody needs to start
> > somewhere. So experience does count, but I would say some foundation,
> > some added qualification and some experience is good for a cool job. For
> > a startup job, some degree and some cert is essential.
> >
> > PS: This is my opinion, I am not pointing out any company or any private
> > organization.
> >
> > -S-
> >
> > ------------------------------------------------------------------------
> > ---
> > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
> > University program offers unparalleled Infosec management education and
> > the case study affords you unmatched consulting experience.
> > Tailor your education to your own professional goals with degree
> > customizations including Emergency Management, Business Continuity
> > Planning, Computer Emergency Response Teams, and Digital Investigations.
> >
> >
> > http://www.msia.norwich.edu/secfocus
> > ------------------------------------------------------------------------
> > -----------------------
> > ********************************************************************
> >
> > This e-mail is intended only for the addressee named above.
> > As this e-mail may contain confidential or privileged information,
> > if you are not the named addressee, you are not authorized
> > to retain, read, copy or disseminate this message or any part of it.
> >
> > ********************************************************************
---------------------------------------------------------------------------
> > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> > The Norwich University program offers unparalleled Infosec management
> > education and the case study affords you unmatched consulting
experience.
> > Tailor your education to your own professional goals with degree
> > customizations including Emergency Management, Business Continuity
> Planning,
> > Computer Emergency Response Teams, and Digital Investigations.
> >
> > http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
> >
---------------------------------------------------------------------------
> > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> > The Norwich University program offers unparalleled Infosec management
> > education and the case study affords you unmatched consulting
experience.
> > Tailor your education to your own professional goals with degree
> > customizations including Emergency Management, Business Continuity
> Planning,
> > Computer Emergency Response Teams, and Digital Investigations.
> >
> > http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
> >
---------------------------------------------------------------------------
> > EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> > The Norwich University program offers unparalleled Infosec management
> > education and the case study affords you unmatched consulting
experience.
> > Tailor your education to your own professional goals with degree
> > customizations including Emergency Management, Business Continuity
> Planning,
> > Computer Emergency Response Teams, and Digital Investigations.
> >
> > http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
> >
---------------------------------------------------------------------------
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The Norwich University program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity
Planning,
> Computer Emergency Response Teams, and Digital Investigations.
>
> http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
>


--
http://www.FocusHacks.com - The Ford Focus Modification Site!

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning,

Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------