Full Disclosure mailing list archives
Credibility (was User Insecurity)
From: "Gregory A. Gilliss" <ggilliss () netpublishing com>
Date: Fri, 19 Mar 2004 13:42:54 -0800
Actually what he is describing is what I refer to as "credibility". The CISSP after my name is a measure of my credibility. It tells otherwise clueless people, people without first hand experience and knowledge, something about me. Perhaps it tells them that I exhibit some measurable degree of knowledge or experience in my chosen field (security). For people who know me or know security, it may tell them nothing more than the fact that that I am a person who can afford $450 and can pass a standardized test. The letters mean something different than they do for people without experience, since each group (a) bases their measure of my credibility on something different (personal experience, word of mouth, rumor, slander, etc). Credibility is a function of perception (my assertion - YMMV). Sales people with crappy clothes and long hair may be "less credible" than "Ken dolls". MCSE is "more credible" than "pimply-kid-who-knows-how-to-install- NT". Doesn't necessarily mean that MCSE is "more knowledgeable" or "more professional" than "NT kid", but if *you* see it that way then *you* have defined the credibility. A hiring manager may look at two resumes and, all else being equal, will likely hire the one with the college degree or the certification because that person is "more qualified" - or, IOW, that person has more credibility. May not be the best choice, but that's what goes on. (Hiring managers who take exception may email me off list pls). Credibility equates to experience equates to clue (my assertion). In a "trust" relationship, you can start from "no trust" or "full trust" or anywhere in between (some trust, limited trust, etc). SSL is a good example of "full trust". Holes, exploits, etc reduce "trust" for a time (until the hole is patched). Microsoft suffers from a credibility problem because (a) people keep finding holes, (b) Microsoft often denies/ignores the holes, and (c) Microsoft takes a subjectively long period of time to patch the holes found in (a) and denied in (b). Credibility. We live and die by it in the security world as much as any mechanic/lawyer/doctor/insert other professional designation here... G On or about 2004.03.19 11:39:19 +0000, gadgeteer () elegantinnovations org (gadgeteer () elegantinnovations org) said:
What you describe regarding you and your mechanic is "blind trust". You are trusting his abilities as a mechanic based on you preception of him as a person.
<<SNIP>> -- Gregory A. Gilliss, CISSP E-mail: greg () gilliss com Computer Security WWW: http://www.gilliss.com/greg/ PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: User Insecurity Earl Keyser (Mar 18)
- Re: User Insecurity gadgeteer (Mar 19)
- Credibility (was User Insecurity) Gregory A. Gilliss (Mar 19)
- Re: Credibility (was User Insecurity) Ron DuFresne (Mar 22)
- Re: Re: User Insecurity Dave Horsfall (Mar 20)
- Credibility (was User Insecurity) Gregory A. Gilliss (Mar 19)
- Re: User Insecurity gadgeteer (Mar 19)