Re: CISSP Question

[Florian Rommel <frommel () gmail com>]

Touché James. Well done you pointed the one thing out that I have been
thinking about for a while as well. However in 99% I would say a person that
has been on Guard duty for 4 years won't have much interest in a CISSP and
then , if he should get it, will have to do quite some catching up to do.
Most employers will find it rather weird that he or she was doing guard duty
for 4 years and got a CISSP   :)

I do think though that this is a viable loophole for anyone that wants to
exploit it that way. I do think it is a little far fetched because you still
have to show that your job included some of the actions on the list.

Good point though, I like it. Wonder what ISC2 has to say about this and how
many people have used that or a similar loophole already.

Cheers,

//Flosse

http://blog.2blocksaway.com

On 5/2/07 10:57 PM, "Simmons, James" <jsimmons () eds com> wrote:

> So here is a thought for everyone.
>
> To qualify for CISSP, you should have at least four years of experience in one
> of the ten domains. Of which includes Physical Security. So with a bit of
> cramming, your gun cleaning, gate guard of 4 years can be a qualified CISSP
> with next to minimal experience in Information security.
> And as per the ISC2 webpage, to qualify experience you need to have done some
> of the included actions.
> (https://www.isc2.org/cgi-bin/content.cgi?category=1187)
>
> Reactions anyone?
>
> P.S. I am not saying that all gate guards are incapable of being good CISSP's.
> I am just pointing out an all too common scenario.
>
> Regards,
>
> Simmons
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
> Behalf Of Florian Rommel
> Sent: Wednesday, May 02, 2007 10:53 AM
> To: Nicolas villatte; krymson () gmail com; security-basics () securityfocus com
> Subject: Re: CISSP Question
>
> I agree with Nicolas here. I definitely wouldn't endorse a Desktop Jockey with
> 4 years of experience. I already filed once a complaint because I know a guy
> who, because he has some certifications and has worked as a pc support, thinks
> he is qualified to take the exam. His "boss/ partner in crime" was ready to
> sign off on it. I know for some people a certification like the CISSP doesn't
> mean much but that still shouldn't mean anyone can get in. I had my work
> experience fully documented by all my previous employers  before I took the
> exam.
>
> Security experience in any of the 10 domains for 4 years doesnt mean that
> during those 4 years you should have done something security related at some
> point it means that your position was directly security related.
>
> //flosse
> http://blog.2blocksaway.com
>
>
> On 5/2/07 9:47 AM, "Nicolas villatte" <Nicolas.Villatte () chello be> wrote:
>
> > Not really, because 5% of your time involved in security during 4
> > years would give you barely 2 months of experience. I don't know any
> > CISSP who would endorse such a candidate.
> >
> > https://www.isc2.org/cgi/content.cgi?category=1187
> >
> > "Applicants must have a minimum of four years of direct full-time
> > security professional work experience in one or more of the ten
> > domains of the (ISC)² CISSP® CBK®."
> >
> > Regards,
> > Nicolas.
> >
> >
> > ----------------------------------------------------------------------
> > ------
> > --------
> >
> > Nicolas VILLATTE
> >
> > CISSP, GCIA, GCIH, GCFA
> >
> > Sr. Security Management Specialist
> >
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] On Behalf Of krymson () gmail com
> > Sent: mardi 1 mai 2007 14:14
> > To: security-basics () securityfocus com
> > Subject: RE: CISSP Question
> >
> > Just a quick add, don't overthink the 4 years' experience requirement.
> > You need that experience in any one (or more) of the 10 domains.
> > Honestly, if you're a desktop support jockey for 4 years and you do
> > some sort of security as part of your work (do you manage passwords
> > and/or respond to spyware incidents?), you can still qualify. Realistically,
> > anyone with 4 years'
> > experience in IT.