Security Basics mailing list archives
Re: CISSP Question
From: Florian Rommel <frommel () gmail com>
Date: Wed, 02 May 2007 23:34:11 +0300
Touché James. Well done you pointed the one thing out that I have been thinking about for a while as well. However in 99% I would say a person that has been on Guard duty for 4 years won't have much interest in a CISSP and then , if he should get it, will have to do quite some catching up to do. Most employers will find it rather weird that he or she was doing guard duty for 4 years and got a CISSP :) I do think though that this is a viable loophole for anyone that wants to exploit it that way. I do think it is a little far fetched because you still have to show that your job included some of the actions on the list. Good point though, I like it. Wonder what ISC2 has to say about this and how many people have used that or a similar loophole already. Cheers, //Flosse http://blog.2blocksaway.com On 5/2/07 10:57 PM, "Simmons, James" <jsimmons () eds com> wrote:
So here is a thought for everyone. To qualify for CISSP, you should have at least four years of experience in one of the ten domains. Of which includes Physical Security. So with a bit of cramming, your gun cleaning, gate guard of 4 years can be a qualified CISSP with next to minimal experience in Information security. And as per the ISC2 webpage, to qualify experience you need to have done some of the included actions. (https://www.isc2.org/cgi-bin/content.cgi?category=1187) Reactions anyone? P.S. I am not saying that all gate guards are incapable of being good CISSP's. I am just pointing out an all too common scenario. Regards, Simmons -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Florian Rommel Sent: Wednesday, May 02, 2007 10:53 AM To: Nicolas villatte; krymson () gmail com; security-basics () securityfocus com Subject: Re: CISSP Question I agree with Nicolas here. I definitely wouldn't endorse a Desktop Jockey with 4 years of experience. I already filed once a complaint because I know a guy who, because he has some certifications and has worked as a pc support, thinks he is qualified to take the exam. His "boss/ partner in crime" was ready to sign off on it. I know for some people a certification like the CISSP doesn't mean much but that still shouldn't mean anyone can get in. I had my work experience fully documented by all my previous employers before I took the exam. Security experience in any of the 10 domains for 4 years doesnt mean that during those 4 years you should have done something security related at some point it means that your position was directly security related. //flosse http://blog.2blocksaway.com On 5/2/07 9:47 AM, "Nicolas villatte" <Nicolas.Villatte () chello be> wrote:Not really, because 5% of your time involved in security during 4 years would give you barely 2 months of experience. I don't know any CISSP who would endorse such a candidate. https://www.isc2.org/cgi/content.cgi?category=1187 "Applicants must have a minimum of four years of direct full-time security professional work experience in one or more of the ten domains of the (ISC)² CISSP® CBK®." Regards, Nicolas. ---------------------------------------------------------------------- ------ -------- Nicolas VILLATTE CISSP, GCIA, GCIH, GCFA Sr. Security Management Specialist -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of krymson () gmail com Sent: mardi 1 mai 2007 14:14 To: security-basics () securityfocus com Subject: RE: CISSP Question Just a quick add, don't overthink the 4 years' experience requirement. You need that experience in any one (or more) of the 10 domains. Honestly, if you're a desktop support jockey for 4 years and you do some sort of security as part of your work (do you manage passwords and/or respond to spyware incidents?), you can still qualify. Realistically, anyone with 4 years' experience in IT.
Current thread:
- RE: CISSP Question krymson (May 01)
- RE: CISSP Question Chris Smith (May 01)
- RE: CISSP Question Nicolas villatte (May 02)
- Re: CISSP Question Florian Rommel (May 02)
- RE: CISSP Question Simmons, James (May 02)
- Re: CISSP Question Florian Rommel (May 02)
- RE: CISSP Question Al Gettier (May 02)
- RE: CISSP Question Simmons, James (May 02)
- RE: CISSP Question Kelly, Robert L (Lee) (May 03)
- Re: CISSP Question Florian Rommel (May 02)
- RE: CISSP Question David Gillett (May 02)
- <Possible follow-ups>
- Re: Re: CISSP Question nomail (May 01)
- RE: CISSP Question David Gillett (May 01)
- RE: CISSP Question Craig Wright (May 02)
- RE: CISSP Question Craig Wright (May 02)
- RE: CISSP Question Lee McDonald (May 04)
- RE: CISSP Question Simmons, James (May 04)
- RE: CISSP Question Lee McDonald (May 04)