Re: Trust validation of programmers

[Rachel Rosencrantz <rachel.rosencrantz () predictive com>]

At 01:28 PM 7/1/98 GMT, ark () eltex ru wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> nuqneH,
>
> Rick Smith <rick_smith () securecomputing com> said :
> > I suppose one could say that the CISSP is supposed to address this problem,
> > though it's nowhere nearly as comprehensive (or costly) as guild style
> > apprenticeships.
>
> Say more, many people (incl me) will NEVER pay a single cent to ISS for
> certification. Don't trust me, don't trust my code, etc, if that does
> matter for you. I just don't care. I do not want to. I don't see WHY
> should i spend my money.

Just a little nit. ISS does not do CISSP certifications (although one
migh guess from the acronyms.  (ISC)2  (that's 2 is supposed to be 
superscript) does the certification.  

CISSP cert does look good on your resume. (How is the non-security 
person hiring a security person to judge if the candidate knows anything
in the first place?) But it certainly isn't proof that the person
is the one you want anyway.  Just because someone is good on a test doesn't
mean they nescessarily have good practical application skills or problem
solving skills.  And not having certification certainly doesn't
mean much either.  (Unless it is due to incapability of passing a test.)

Enough ramble.  I'll go back to hiding under the deluge of mail in my mail
box.

(Russle, russle)
-Rachel