Security Basics mailing list archives

Re: Certifications: Not worth the paper they are printed on?


From: "W. Lee Schexnaider" <l.schex () gmail com>
Date: Tue, 7 Oct 2008 19:55:43 -0500

Hello,

I can only comment on my experiences with the CISSP.  They recently increased the number of years of experience you 
must have to take the exam and you have to have another CISSP sponsor you.  A former employer decided it would pay 
for the exams and those interested formed a study group.  We studied for months for the exam.  All of us had 
experience either in systems administration or security application software development.

I can't vouch for other exams, but I can tell you one thing about the CISSP exam (without breaking any of the 
agreements you have to sign to not reveal questions) that is really not covered in most of the books on the subject.  
While the exam does test on raw knowledge, most people who took the test agreed it was questions about the 
application of the knowledge that was surprising.  Yes, you would need to know the OSI model, but the questions 
tended to be how to apply that knowledge in a given situation or event rather than just regurgitating the aspects of 
layers.  The application of the knowledge is probably where real-world experience comes in.

I taught one local workshop on the application and system development section of the exam and the application of 
knowledge is what I emphasized with examples and anecdotes from my own work as a QA tester for security/compliance 
software, systems administrator and compliance content developer/researcher.

I have told people that studying the topics really made a difference more than a few times in my various positions.  
It really helped in problem solving by being able to put various pieces together.  The cert is nice and helped me 
gain the position I hold now, but the intense studying is what made me a better employee.

Just my two cents.

W. Lee Schexnaider, CISSP

Sr. Engineer – Compliance Content Developer

Symantec Corporation

www.symantec.com

lee_schexnaider () symantec com

-----------------------------------------------------

On Mon, Oct 6, 2008 at 4:28 PM, <krymson () gmail com> wrote:

Jon, nice post. I just wanted to mention that if someone misses their Security+ yet has 100+ certs (or even 10+ 
certs), they need to be avoided. They obviously don't have the knowledge (yet) for security and they certainly have 
learned nothing about how to study and take a test.

........


