Full Disclosure mailing list archives

Re: CISSP Test


From: Vladamir <wireless.insecurity () gmail com>
Date: Tue, 22 Mar 2005 23:34:35 -0500

In my opinion, they should do away with "boot camps"; they churn out paper CCNAs, paper CISSPs, and they're doing nobody any real good.

Why did SANS do away with the practical portion of their (I forgot the name) exam? I read briefly about it, and it looks (well, looked) like a lot of fun. How hard would it be?

Set up honey pot w/ snort, ethereal, secured logging server
Advertise "insecure machine"
Sit back, collect packets, write report.

Doesn't sound too hard to me!


J.A. Terranson wrote:

On Tue, 22 Mar 2005, Wade Woolwine wrote:


Just a word on the CISSP, you have to have worked in the field for 5 years
(3 years with degree) in order to get it...otherwise you'll get the ISC2
associates cert...same exam and after the x years period, you will
automatically be grandfathered in to CISSP.


Yeah, riiggghhhtttt.....

If they would actually enforce this requirement, then the CISSP *might*
mean something.  But they are fully aware of the outright fraudulent
CISSPs they are churning out (after all, they get the money either way,
why should they be self-policing?) - let's see, how many 18 year olds have
5 years experience???  Now, how many have CISSPs after going to a 1 week
"Boot Camp".

All of these certifications are now completely worthless, as they all
suffer from this defect.  And the certifying bodies have brought ruin,
rather than respect, to our profession.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

