RE: Seeking input: Research Proposal: "Is a third position possible?"

["Laura Taylor" <ltaylor () relevanttechnologies com>]

Something curious to know about CISSP is this....

I was thinking of hiring a person with a CISSP and called up ISC2 to verify
if they really were a CISSP. ISC2 told me that they never verify if anyone
is a CISSP as it is an invasion of the person's privacy. I then asked them
how could I know for sure if this person really was a CISSP and told them
that the person was not listed in the CISSP database on the ISC2 web site.
They then told me that not all CISSPs are listed in the database because
some don't want to be listed. They told me that the only way to verifiy if a
person is a CISSP is to ask them for their certificate. I then asked them if
all certificates look exactly alike and can they tell me how to know if a
certificate it authenticate. I was told that all certificates do not look
exactly alike and that they have changed their look over the years so there
is no way to know if a particular certificate is real or not.

After much discussion, it became clear that they were not willing to verify
if anyone is a CISSP, and that there was no way for anyone to really verify
this information unless the person chooses to be listed in the database on
the ISC2 web site. I told them that in my opinion their process for
certification was not consistent with the concept of "trust, but verify" and
I ended up not hiring the person I had originally interviewed.

If a certification cannot be verified, to me it is worthless. I'd rather
hire an MCSE because Microsoft is willing to verify all their
certifications.

The philosophies and ethics of 2600 could possibly be questionable, but I
dare say that ISC2 is not at all the organization that I once thought it to
be.

Laura

------------------------------------------------
Laura Taylor
Relevant Technologies, Inc.
www.relevanttechnologies.com


-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Crispin
Cowan
Sent: Tuesday, March 23, 2004 12:28 AM
To: Holt, Philip
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Seeking input: Research Proposal: "Is a third
position possible?"


Holt, Philip wrote:

> that reveals your thoughts concerning, "Is a third position possible?"
>   We are all aware of CISSP's Canons.
>   We are also all aware of the positions put forth and the beliefs
> held fast to of the 2600 Group, Hacktivismo, John Perry Barlow's
> "Declaration of Cyberspace" and a host of other similar positions and
> beliefs that are in fact counter-positions to those revealed in
> CISSP's Canon.
No, I'm not aware of the CISSP canon. To me, the philosophies of CISSP
are about as mystic and secretive as Scientology, and as such about as
useful :)

The 2600 crowd have a lot of well-known philosophies. One of the
particularly well-known canon of the 2600 crowd is that they never
actually agree on anything :) And I dare say that some 2600 people have
CISSPs.

So no, I have no idea what your question is. You suggest that there are
two diametrically opposed views here, but since you specify both by
obscure reference and never actually define them, it's really hard to
tell what the hell you are talking about. Please specify what you think
the opposing views are, and then we can discuss them.

Crispin

--
Crispin Cowan, Ph.D.
Security Consulting  http://crispincowan.com


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards