Re: Training & Certifications

["Exibar" <exibar () thelair com>]

Interesting, if memory serves me (it does every now and again), before this
policy went into effect, they had a listing of all CISSPs right on their web
site.  Now, when they started that, I dunno, so even that could have been
after you're inquiry to them.

  it just wouldn't make any sense to have a certification process, and not
be able to verify if a potential job candidate is actually certified.  Talk
about being certified only on paper, print out your own certificate, instant
certification!  Kinda like those online diplomas :-)

  Ex


----- Original Message ----- 
From: "Laura Taylor" <ltaylor () relevanttechnologies com>
To: "'Exibar'" <exibar () thelair com>; "'Ron DuFresne'"
<dufresne () winternet com>; <full-disclosure () lists netsys com>
Sent: Tuesday, April 06, 2004 8:07 AM
Subject: RE: [Full-disclosure] Training & Certifications


> It sounds like this policy went into effect 10/1/03 from the looks of the
> posting. This is definitely new and was not on their site when I made my
> inquiry which was in 2002. The person was not mistaken as I called twice
to
> be sure...it is a new policy that they are not verifying...and a good
thing.
> It's nice to see. Thanks for pointing that out. Laura
>
> -----Original Message-----
> From: Exibar [mailto:exibar () thelair com]
> Sent: Monday, April 05, 2004 4:46 PM
> To: Ron DuFresne; full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Training & Certifications
>
>
> The person that Laura spoke to was mistaken,  right from their website it
> states:
>
> In the interim, (ISC)2 Services, 2494 Bayshore Boulevard, Suite 201,
> Dunedin, FL 34698 USA, PH: 1.888.333.4458, FX: 1.727.738.8522, will
continue
> to respond to any employer requests for (ISC)2 credential holder
> verifications. Such requests must be in writing on the employer's company
> letterhead and a release signature from the CISSP/SSCP must be included in
> the request.
>
> That's found here: https://www.isc2.org/cgi/directory.cgi
>
>   Exibar
>
>
> ----- Original Message -----
> From: "Ron DuFresne" <dufresne () winternet com>
> To: "Dave Howe" <DaveHowe () cmn sharp-uk co uk>
> Cc: "Email List: Full Disclosure" <full-disclosure () lists netsys com>;
"Laura
> Taylor" <ltaylor () relevanttechnologies com>
> Sent: Monday, April 05, 2004 2:16 PM
> Subject: Re: [Full-disclosure] Training & Certifications
>
>
> > [orig snipped]
> >
> > This was recently posted to the firewall wizards list, and relates to
this
> > topic;
> >
> > From: Laura Taylor <ltaylor () relevanttechnologies com>
> > Subject: RE: [fw-wiz] Seeking input: Research Proposal: "Is a third
> > position
> >     possible?"
> > Cc: firewall-wizards () honor icsalabs com
> > Date: Fri, 2 Apr 2004 10:30:33 -0500
> > To: 'Crispin Cowan' <crispin () crispincowan com>,
> >      "'Holt, Philip'" <holtp () seattleu edu>
> >
> > Something curious to know about CISSP is this....
> >
> > I was thinking of hiring a person with a CISSP and called up ISC2 to
> > verify
> > if they really were a CISSP. ISC2 told me that they never verify if
anyone
> > is a CISSP as it is an invasion of the person's privacy. I then asked
them
> > how could I know for sure if this person really was a CISSP and told
them
> > that the person was not listed in the CISSP database on the ISC2 web
site.
> > They then told me that not all CISSPs are listed in the database because
> > some don't want to be listed. They told me that the only way to verifiy
if
> > a person is a CISSP is to ask them for their certificate. I then asked
> > them if all certificates look exactly alike and can they tell me how to
> > know if a certificate it authenticate. I was told that all certificates
do
> > not look exactly alike and that they have changed their look over the
> > years so there is no way to know if a particular certificate is real or
> > not.
> >
> > After much discussion, it became clear that they were not willing to
> > verify if anyone is a CISSP, and that there was no way for anyone to
> > really verify this information unless the person chooses to be listed in
> > the database on the ISC2 web site. I told them that in my opinion their
> > process for certification was not consistent with the concept of "trust,
> > but verify" and I ended up not hiring the person I had originally
> > interviewed.
> >
> > If a certification cannot be verified, to me it is worthless. I'd rather
> > hire an MCSE because Microsoft is willing to verify all their
> > certifications.
> >
> > The philosophies and ethics of 2600 could possibly be questionable, but
I
> > dare say that ISC2 is not at all the organization that I once thought it
> > to be.
> >
> > Laura
> >
> >
> >
> >
> > Thanks,
> >
> > Ron DuFresne
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > "Cutting the space budget really restores my faith in humanity.  It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation." -- Johnny Hart
> > ***testing, only testing, and damn good at it too!***
> >
> > OK, so you're a Ph.D.  Just don't touch anything.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html