Security Basics mailing list archives
RE: Re: University Degree or CISSP
From: "Hytham Abu-Safieh" <hytham () rogers com>
Date: Mon, 30 Jan 2006 15:13:44 -0600
I too believe that skill and experience in the real world are what truly define an individual from the rest of the pack. Going to school, reading a book means very little to me as I want to be able to see what it is you are capable of performing in a real world scenario. Show me your skill, show me your aptitudes ... wonderful, you can read a book and answer multiple choice - I honestly don't care. I don't care if you can study for 22 hours straight and write an exam and acquire a score in the top 2%. I don't care. The real world dictates that comprehension of a particular situation requires you, the techie, the capability to adapt quickly when the need arises. You no longer have 22 hours to study an issue; you now have 10 minutes max to identify my current risk and mitigate my financial losses. If I'm going to be paying an individual a healthy six figure salary as a FTE or at minimum $75/hour as a contractor, your pretty little certifications bear next to no relevance in my dictatorship :) I believe that all technical interviews should be conducted using whiteboard scenarios and a real life lab. That, IMO, is one of the best ways to test how useful those pretty little acronyms at the end of your candidates name are. -Hytham PS If you can't tell, this is a touchy subject for me. I'm tired of people boasting about certs they have, but lack the basic ability to identify and understand a 3-way handshake in a sniffer trace. I've had the pleasure to work with some unique individuals unfortunately. -----Original Message----- From: FocusHacks [mailto:focushacks () gmail com] Sent: Saturday, January 28, 2006 9:43 PM To: J Q Cc: ilaiy; Huang, John, GCM; security-basics () securityfocus com Subject: Re: Re: University Degree or CISSP To chime in, Certificates basically show that you know how to study. There are a few certs that really really make you work for it, but honestly, CISSP isn't one of them. College degrees don't mean a lot either in the security industry. All they do is earn some respect, and can often leverage your entry-level salary a bit higher. I've seen CISSP's that couldn't perform an accurate assessment for anything, much less be a competent pen-tester. I'm talking script-kiddie "let's run some quick tools and get out" stuff. I've also seen CISSP's that were awesome at a great many things. Same with college degrees, same with any certificate. In the end, this industry is based on proof. If you don't stack up, you won't make it very far. Lots of titles behind your name and lots of gold stars on your resume will get people to notice you. You'd better have the skills and experience to back it up, though, or else you'll get kicked to the curb with the quickness. On 1/26/06, Elizabeth Lewis <e.lewis () infosecurityconsult com> wrote:
I have to say I agree. Nothing beats hands on experience. I just felt the need to defend the cert because I am currently working on getting my
CISSP.
:) And a college education will benefit you until the day you die. The CISSP does not have the same benefit, but it does not hurt to have it. (at
least
I hope not , or im wasting some valuable time trying to get it. :) Have a good one. Elizabeth -----Original Message----- From: ilaiy [mailto:ilaiy.e () gmail com] Sent: Thursday, January 26, 2006 1:04 AM To: Elizabeth Lewis Cc: Huang, John, GCM; security-basics () securityfocus com Subject: Re: Re: University Degree or CISSP I would say a CISSP is really good to have even though I have a Master, people are not bothered about the same. I was not given a job because I did not have a CISSP. It totally depends on company to company. Some of them think if you have a CISSP you are good. According to me it really doesnot matter what CERT's you have. It all boils down to what you know when it comes to security. Hands on experience is always the best. ./thanks ilaiy On 1/24/06, Elizabeth Lewis <e.lewis () infosecurityconsult com> wrote:I have a degree in comp. sci. from Purdue University. *Go Boilermakers!*andit is extremely valuable to ME, but in the REAL WORLD that I live in,
when
employers ask about my education they ask about certs first. They seem
to
care little about my bachelor's degree. They tell me "that's great" theninthe same breath they ask about certs and experience. It took me 4 years
to
get the Purdue degree. And it is taking me another 4 to prep and get my CISSP, due to the 4 years of experience requirement. So in short, it isNOTa crazy discussion. You CAN compare the two, they both take 4 years, and they both take a lot of dedication to achieve. I know A LOT of people
who
have the degree, but would NEVER make it though a CISSP cert. maybe youareone of them. A CISSP is nothing to laugh off. . My advise to John
Huang.
GET THEM BOTH. You won't regret it. Elizabeth -----Original Message----- From: Ken Kousky [mailto:kkousky () ip3inc com] Sent: Tuesday, January 24, 2006 12:38 PM To: 'Huang, John, GCM'; security-basics () securityfocus com Subject: RE: Re: University Degree or CISSP This is the craziest conversation I ever heard of - there is NO
comparison
between a REAL degree and CISSP. CISSP is great, valuable and vital but
it
isn't in any way comparable. Simply put, if you don't have a degree - get one and get the best one
you
can. -----Original Message----- From: Huang, John, GCM [mailto:John.Huang () rbsgc com] Sent: Monday, January 23, 2006 1:41 PM To: security-basics () securityfocus com Subject: RE: Re: University Degree or CISSP Degree or CISSP? It depends on where you are in life. A degree helps you in the door and advancement into a management position usually require a college degree. But if you're already in the field and don't have a college degree, a CISSP cert is easier to obtain in a shorter amount of time, and provide more immediate benefit since you can put the things you learn into use. -----Original Message----- From: shyaam () gmail com [mailto:shyaam () gmail com] Sent: Friday, January 20, 2006 10:25 PM To: security-basics () securityfocus com Subject: Re: Re: University Degree or CISSP Yes, Very true. Nothing counts equivalent to experience, but experience comes only when someone starts somewhere. I have seen one big thing happening around. People in the industries shifted from technology to business, that is the point when they lost the security and created more loopholes in their own products as they reduced the time needed, reduced budgets and spent more on advertisements and marketing. How does that reflect on people. They need people already with experience. But how is that possible. Everybody needs to start somewhere. So experience does count, but I would say some foundation, some added qualification and some experience is good for a cool job. For a startup job, some degree and some cert is essential. PS: This is my opinion, I am not pointing out any company or any private organization. -S- ------------------------------------------------------------------------ --- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ ----------------------- ******************************************************************** This e-mail is intended only for the addressee named above. As this e-mail may contain confidential or privileged information, if you are not the named addressee, you are not authorized to retain, read, copy or disseminate this message or any part of it. ********************************************************************
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting
experience.
Tailor your education to your own professional goals with degree customizations including Emergency Management, Business ContinuityPlanning,Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting
experience.
Tailor your education to your own professional goals with degree customizations including Emergency Management, Business ContinuityPlanning,Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting
experience.
Tailor your education to your own professional goals with degree customizations including Emergency Management, Business ContinuityPlanning,Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity
Planning,
Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
-- http://www.FocusHacks.com - The Ford Focus Modification Site! --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: University Degree or CISSP, (continued)
- Re: University Degree or CISSP Steven Kalcevich (Jan 25)
- Re: University Degree or CISSP Toby Barrick (Jan 25)
- RE: University Degree or CISSP Ken Kousky (Jan 26)
- RE: University Degree or CISSP evb (Jan 26)
- RE: University Degree or CISSP David Gillett (Jan 27)
- RE: Re: University Degree or CISSP Greg van der Gaast (Jan 29)
- RE: Re: University Degree or CISSP Elizabeth Lewis (Jan 25)
- Re: Re: University Degree or CISSP ilaiy (Jan 26)
- RE: Re: University Degree or CISSP Elizabeth Lewis (Jan 28)
- Re: Re: University Degree or CISSP FocusHacks (Jan 30)
- RE: Re: University Degree or CISSP Hytham Abu-Safieh (Jan 30)
- RE: Re: University Degree or CISSP Michael J. Benedetto (Jan 28)
- Re: University Degree or CISSP Steven Kalcevich (Jan 27)
- Re: University Degree or CISSP Aman Raheja (Jan 27)