Full Disclosure mailing list archives
Re: Training & Certifications
From: "Exibar" <exibar () thelair com>
Date: Tue, 6 Apr 2004 13:39:30 -0400
Interesting, if memory serves me (it does every now and again), before this policy went into effect, they had a listing of all CISSPs right on their web site. Now, when they started that, I dunno, so even that could have been after you're inquiry to them. it just wouldn't make any sense to have a certification process, and not be able to verify if a potential job candidate is actually certified. Talk about being certified only on paper, print out your own certificate, instant certification! Kinda like those online diplomas :-) Ex ----- Original Message ----- From: "Laura Taylor" <ltaylor () relevanttechnologies com> To: "'Exibar'" <exibar () thelair com>; "'Ron DuFresne'" <dufresne () winternet com>; <full-disclosure () lists netsys com> Sent: Tuesday, April 06, 2004 8:07 AM Subject: RE: [Full-disclosure] Training & Certifications
It sounds like this policy went into effect 10/1/03 from the looks of the posting. This is definitely new and was not on their site when I made my inquiry which was in 2002. The person was not mistaken as I called twice
to
be sure...it is a new policy that they are not verifying...and a good
thing.
It's nice to see. Thanks for pointing that out. Laura -----Original Message----- From: Exibar [mailto:exibar () thelair com] Sent: Monday, April 05, 2004 4:46 PM To: Ron DuFresne; full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Training & Certifications The person that Laura spoke to was mistaken, right from their website it states: In the interim, (ISC)2 Services, 2494 Bayshore Boulevard, Suite 201, Dunedin, FL 34698 USA, PH: 1.888.333.4458, FX: 1.727.738.8522, will
continue
to respond to any employer requests for (ISC)2 credential holder verifications. Such requests must be in writing on the employer's company letterhead and a release signature from the CISSP/SSCP must be included in the request. That's found here: https://www.isc2.org/cgi/directory.cgi Exibar ----- Original Message ----- From: "Ron DuFresne" <dufresne () winternet com> To: "Dave Howe" <DaveHowe () cmn sharp-uk co uk> Cc: "Email List: Full Disclosure" <full-disclosure () lists netsys com>;
"Laura
Taylor" <ltaylor () relevanttechnologies com> Sent: Monday, April 05, 2004 2:16 PM Subject: Re: [Full-disclosure] Training & Certifications[orig snipped] This was recently posted to the firewall wizards list, and relates to
this
topic; From: Laura Taylor <ltaylor () relevanttechnologies com> Subject: RE: [fw-wiz] Seeking input: Research Proposal: "Is a third position possible?" Cc: firewall-wizards () honor icsalabs com Date: Fri, 2 Apr 2004 10:30:33 -0500 To: 'Crispin Cowan' <crispin () crispincowan com>, "'Holt, Philip'" <holtp () seattleu edu> Something curious to know about CISSP is this.... I was thinking of hiring a person with a CISSP and called up ISC2 to verify if they really were a CISSP. ISC2 told me that they never verify if
anyone
is a CISSP as it is an invasion of the person's privacy. I then asked
them
how could I know for sure if this person really was a CISSP and told
them
that the person was not listed in the CISSP database on the ISC2 web
site.
They then told me that not all CISSPs are listed in the database because some don't want to be listed. They told me that the only way to verifiy
if
a person is a CISSP is to ask them for their certificate. I then asked them if all certificates look exactly alike and can they tell me how to know if a certificate it authenticate. I was told that all certificates
do
not look exactly alike and that they have changed their look over the years so there is no way to know if a particular certificate is real or not. After much discussion, it became clear that they were not willing to verify if anyone is a CISSP, and that there was no way for anyone to really verify this information unless the person chooses to be listed in the database on the ISC2 web site. I told them that in my opinion their process for certification was not consistent with the concept of "trust, but verify" and I ended up not hiring the person I had originally interviewed. If a certification cannot be verified, to me it is worthless. I'd rather hire an MCSE because Microsoft is willing to verify all their certifications. The philosophies and ethics of 2600 could possibly be questionable, but
I
dare say that ISC2 is not at all the organization that I once thought it to be. Laura Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Training & Certifications, (continued)
- Re: Training & Certifications Exibar (Apr 02)
- Re: Training & Certifications Harlan Carvey (Apr 02)
- RE: [inbox] Re: Training & Certifications Curt Purdy (Apr 04)
- Re: Training & Certifications Harlan Carvey (Apr 02)
- Re: Training & Certifications Robert Repp (Apr 02)
- Re: Training & Certifications Harlan Carvey (Apr 03)
- Re: Training & Certifications Dave Howe (Apr 03)
- Re: Training & Certifications Ron DuFresne (Apr 05)
- Re: [FD] Training & Certifications Andrew J Caines (Apr 05)
- Re: Training & Certifications Exibar (Apr 05)
- RE: Training & Certifications Laura Taylor (Apr 06)
- Re: Training & Certifications Exibar (Apr 06)
- Re: Training & Certifications Harlan Carvey (Apr 03)
- RE: Training & Certifications Bojan Zdrnja (Apr 05)
- Re: Training & Certifications Valdis . Kletnieks (Apr 05)
- RE: [inbox] Re: Training & Certifications Exibar (Apr 05)
- Re: Training & Certifications Exibar (Apr 02)
- Re: Training & Certifications Dave Aitel (Apr 03)
- RE: [inbox] Re: Training & Certifications Curt Purdy (Apr 04)
- Re: Training & Certifications John Sage (Apr 05)