Security Basics mailing list archives

RE: CISSP Question


From: "April Carson" <ACarson () HNTB com>
Date: Wed, 9 May 2007 13:49:08 -0500

I have enjoyed this thread and used some of the points in a class I am
currently in. Thanks to all. BUT I absolutely love this statement:

"I stand on the belief that you should not have to spend tons of money
to prove your worth."

PERFECT!!

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Simmons, James
Sent: Wednesday, May 09, 2007 10:44 AM
To: Yousef Syed
Cc: security-basics () securityfocus com
Subject: RE: CISSP Question

Yousef,
And that is my point in the whole discussion. It isn't a necessary evil
to obtain these certs, and I agree that, on a majority, it will help you
get the interview. But this requirement of having certifications has
been highly exaggerated. There are plenty of high level, capable
individuals without certifications. So these individuals are being
weeded out prematurely because they do not have alphabet soup after
their names. 
What, in my opinion, is the big problem with this is that companies are
only looking for those letters, and disregarding most, if not all,
others. So what you have are individuals spending (or having to spend)
these high prices just to establish a level playing field, instead of
spending the time and money actually contributing to the industry. And
this is the scenario that I am trying to raise awareness over.  It seems
counter-intuitive to me on the purpose of certifications. Yes it shows
that people are willing, and dedicated, but it is not the only measuring
stick. I would rather hire an individual that has the drive to work on
projects, and try to accomplish something, on his own than someone who
decided that a single cert will give them a leg up on all these others
without certs. But, covered in my debate with Craig, depending on how
you believe ISC2 will react to your job experience, actual experience
may not be guaranteed.

I would say the best situation is if you have two individuals that have
worked on the same degree of projects, have similar experience, and other
such measures, the person with the cert will have the upper hand. Of
which that is acceptable. I agree with that (though personally I would
just interview them both very thoroughly until I have a really good
understanding of their technical knowledge).

I stand on the belief that you should not have to spend tons of money to
prove your worth. And with certification prices these days, that is what
you are having to do. 


Regards,

Simmons

-----Original Message-----
From: Yousef Syed [mailto:yousef.syed () gmail com] 
Sent: Tuesday, May 08, 2007 5:22 PM
To: Simmons, James
Cc: security-basics () securityfocus com
Subject: Re: CISSP Question

Hi James,
I can't and won't argue with most of what you say about certifications
- in general, I can't stand them either and often-times I just don't
trust them...

Unfortunately, to move on in this industry, many jobs now require some
form of certification (often government jobs - at least that's where I've
most commonly seen the requirement).
Although, I may know, my colleagues may know, and some of my friends
may know that I've been working in security X-number of years and have
gained certain levels of experience; a future manager may not know that.
That future manager may have to wade through 100 CV/Resumes. To aid
himself to sorting the wheat from the chaff he may rely upon a
certification (that they "trust") from an independent third-party.
Hopefully, that certification is only used to aid the hiring process.
If that hiring process is farmed out to morons in HR, then you have a
serious problem (and I've already expressed my opinion on HR departments
hiring).

Much as we'd all love to be hired through our personal network and
recommendations (my last two roles have been acquired that way and it is
a great way to get work :) ) the realities of life mean that it isn't
always the way. The CISSP is just a good way to get your foot in the
door (Neither the Manager doing the hiring nor the CISSP should rely
upon it, though).

In that sense, they are a necessary evil.

ys


On 08/05/07, Simmons, James <jsimmons () eds com> wrote:
>>Being that they have stated that employment as an Operators etc are not
>>considered as valid experience, I would state that I feel that this would
>>be a role where there is some management, design, consulting or other
>>similar activity involved.

So if you already have 4 years of experience in management, or design,
or consulting, what is the value of the CISSP? You are already doing
the job that most people getting the certification are aiming for.

Now of course this is a majority case, as there are people who get the
cert for other reasons.
But this is all my point.
http://www.securityfocus.com/archive/105/466897/30/210/threaded
Experience in doing the projects, actually getting involved in the 
industry on your own, is the better way to spend your money than
getting a certification.

And here we arrive back at the beginning.


Regards,

Simmons




--
Yousef Syed
"To ask a question is to show ignorance; not to ask a question, means
you remain ignorant" - Japanese Proverb
