Full Disclosure mailing list archives
Re: Training & Certifications
From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 5 Apr 2004 13:16:14 -0500 (CDT)
[orig snipped] This was recently posted to the firewall wizards list, and relates to this topic; From: Laura Taylor <ltaylor () relevanttechnologies com> Subject: RE: [fw-wiz] Seeking input: Research Proposal: "Is a third position possible?" Cc: firewall-wizards () honor icsalabs com Date: Fri, 2 Apr 2004 10:30:33 -0500 To: 'Crispin Cowan' <crispin () crispincowan com>, "'Holt, Philip'" <holtp () seattleu edu> Something curious to know about CISSP is this.... I was thinking of hiring a person with a CISSP and called up ISC2 to verify if they really were a CISSP. ISC2 told me that they never verify if anyone is a CISSP as it is an invasion of the person's privacy. I then asked them how could I know for sure if this person really was a CISSP and told them that the person was not listed in the CISSP database on the ISC2 web site. They then told me that not all CISSPs are listed in the database because some don't want to be listed. They told me that the only way to verifiy if a person is a CISSP is to ask them for their certificate. I then asked them if all certificates look exactly alike and can they tell me how to know if a certificate it authenticate. I was told that all certificates do not look exactly alike and that they have changed their look over the years so there is no way to know if a particular certificate is real or not. After much discussion, it became clear that they were not willing to verify if anyone is a CISSP, and that there was no way for anyone to really verify this information unless the person chooses to be listed in the database on the ISC2 web site. I told them that in my opinion their process for certification was not consistent with the concept of "trust, but verify" and I ended up not hiring the person I had originally interviewed. If a certification cannot be verified, to me it is worthless. I'd rather hire an MCSE because Microsoft is willing to verify all their certifications. The philosophies and ethics of 2600 could possibly be questionable, but I dare say that ISC2 is not at all the organization that I once thought it to be. Laura Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Training & Certifications Robert Repp (Apr 02)
- Re: Training & Certifications Exibar (Apr 02)
- Re: Training & Certifications Harlan Carvey (Apr 02)
- RE: [inbox] Re: Training & Certifications Curt Purdy (Apr 04)
- Re: Training & Certifications Harlan Carvey (Apr 02)
- <Possible follow-ups>
- Re: Training & Certifications Robert Repp (Apr 02)
- Re: Training & Certifications Harlan Carvey (Apr 03)
- Re: Training & Certifications Dave Howe (Apr 03)
- Re: Training & Certifications Ron DuFresne (Apr 05)
- Re: [FD] Training & Certifications Andrew J Caines (Apr 05)
- Re: Training & Certifications Exibar (Apr 05)
- RE: Training & Certifications Laura Taylor (Apr 06)
- Re: Training & Certifications Exibar (Apr 06)
- Re: Training & Certifications Harlan Carvey (Apr 03)
- RE: Training & Certifications Bojan Zdrnja (Apr 05)
- Re: Training & Certifications Valdis . Kletnieks (Apr 05)
- RE: [inbox] Re: Training & Certifications Exibar (Apr 05)
- Re: Training & Certifications Exibar (Apr 02)
- Re: Training & Certifications Dave Aitel (Apr 03)