RE: CISSP Question

["April Carson" <ACarson () HNTB com>]

Ugghhh I tired packet Tracer 3.2 and 4.0 and found it annoying. I just
went out and got my own Cisco router and am much happier. Of course I
also get to play in works data center now and again.

-----Original Message-----
From: Craig Wright [mailto:Craig.Wright () bdo com au] 
Sent: Thursday, May 10, 2007 2:23 PM
To: April Carson; david.a.harley () gmail com; Simmons, James; Yousef Syed
Cc: security-basics () securityfocus com
Subject: RE: CISSP Question

Buying a router for home practice would lower your chances if I am in
the Interview.
 
First, we have the economics. A router simulator (such as Boson) is less
expensive and offers just as much and also maps to Cisco (and other)
exams and tutorials. Thus there is a manner of testing the skills. Thus
you have not demonstrated a good financial knowledge and thus are less
likely to make well informed project decisions.
 
Next a home router is limited to the extreme. It is a single router,
OSPF, VRRP etc are not generally feasible. There is no way to learn and
understand on a simple home router. You are unlikely to wipe and start
again as often. I could go on.
 
A simulator does far more. So this would be the proverbial next the
minute you decide to mention it.
 
Regards,
Craig



Craig Wright
Manager of Information Systems

Direct +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
www.bdo.com.au

Liability limited by a scheme approved under Professional Standards
Legislation in respect of matters arising within those States and
Territories of Australia where such legislation exists.

The information in this email and any attachments is confidential.  If
you are not the named addressee you must not read, print, copy,
distribute, or use in any way this transmission or any information it
contains.  If you have received this message in error, please notify the
sender by return email, destroy all copies and delete it from your
system. 

Any views expressed in this message are those of the individual sender
and not necessarily endorsed by BDO Kendalls.  You may not rely on this
message as advice unless subsequently confirmed by fax or letter signed
by a Partner or Director of BDO Kendalls.  It is your responsibility to
scan this communication and any files attached for computer viruses and
other defects.  BDO Kendalls does not accept liability for any loss or
damage however caused which may result from this communication or any
files attached.  A full version of the BDO Kendalls disclaimer, and our
Privacy statement, can be found on the BDO Kendalls website at
http://www.bdo.com.au or by emailing administrator () bdo com au.

BDO Kendalls is a national association of separate partnerships and
entities.

________________________________


From: listbounce () securityfocus com on behalf of April Carson
Sent: Thu 10/05/2007 10:46 PM
To: david.a.harley () gmail com; Simmons, James; Yousef Syed
Cc: security-basics () securityfocus com
Subject: RE: CISSP Question



Good points. However if someone was going to invest money into their
skills, I would be more impressed with someone who purchased a router
and set one up at home. This shows initiative, drive and a willingness
to learn.

Just because I have a drivers license and drive fast does not mean I am
a racecar driver. Someone who hammered through a boot camp to get the
certification but never put his or her hands on the equipment may not be
a skilled network administrator or security specialist. They might just
be someone who can memorize a large amount of information.

Ultimately, I believe you should find the job you want to have and
research what THEY require. If they want a degree and you get a
certification then perhaps you wasted your time. I do not believe there
is a hard and fast answer to this discussion of degree vs.
certification.

However, the discussion was interesting and fun!

As always,
-April

-----Original Message-----
From: David Harley [mailto:david.a.harley () gmail com]
Sent: Thursday, May 10, 2007 5:10 AM
To: April Carson; 'Simmons, James'; 'Yousef Syed'
Cc: security-basics () securityfocus com
Subject: RE: CISSP Question

> "I stand on the belief that you should not have to spend tons
> of money to prove your worth."
>
> PERFECT!!

Indeed. But it's an ideal, not real life.

Forget the security Certs. Most of us are, in the job market and
elsewhere,
to some extent defined by our qualifications, from school level
certifications to first and higher degrees, to all manner of vocational
qualifications. And they nearly all cost money. Of course, we don't
always
spend our own money on them: I don't think I've ever spent my own money
on a
vocational qualification, or even . I realize that some people do (for
instance, to break into an area where they aren't already working for
someone who's prepared to help them with professional development) and I
think it's unreasonable to suggest that they shouldn't commit money,
time
and effort into self-development. The point, though, is that most
qualifications cost someone money, and some of them cost a lot more than
CISSP, GIAC etc. But they're an attempt (however imperfect) to measure
baseline ability by objective criteria. If you're saying that we should
assess others purely by our own instincts and abandon all attempts to
assess
objectively, you must have more faith in the human race than I do.

As for the cost issues, let's remember that it's not cheap to implement
certs, supply training for them, design and implement testing, and so
on. In
other words, certifying bodies don't work for free, though not all are
for-profit and keep costs down by using certified volunteers, for
example. 

Mr Simmons, I don't use those letters after my name to "prove" that I'm
"important next to others". I use them (sometimes) because some
customers,
publishers etc. find it reassuring that I've signed up to a baseline
level
of professional development and ethical standards in the field in which
I
work. It helps that unlike most of the vocational certs I've picked up
over
the years, they compress to an acronym that doesn't bloat my signature.
Since I am not "validated" by an impressive job title or affiliation
with a
major corporation, they give a very, very slight indication of where I
am in
the foodchain. But they don't prove I'm not an idiot. :)

--
David Harley CISSP, Small Blue-Green World
Security Author/Editor/Consultant/Researcher
AVIEN Guide to Malware:
http://www.smallblue-greenworld.co.uk/pages/avienguide.html
Security Bibliography:
http://www.smallblue-greenworld.co.uk/pages/bibliography.html





This e-mail and any files transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom they are
addressed. If you are NOT the intended recipient or the person
responsible for delivering the e-mail to the intended recipient, be
advised that you have received this e-mail in error and that any use,
dissemination, forwarding, printing or copying this e-mail is strictly
prohibited.