Re: INFOSEC: Certifiably Certified

[InfoSec News <isn () c4i org>]

Forwarded from: Jim Eiden <jim_eiden () yahoo com>

That is the same mentality in the marketplace form the height of the
dotcom era where anyone with a Bachelors degree in Marketing
automatically qualified them as an expert with a Title of VP of
Branding.

Funny, every VP of branding I met had no idea who invented branding
(Procter & Gamble).  And none of them knew what the 4 P's were.  By
the way, the 4 P's are Price, Product, Promotion, and Place.  It is
known as the Marketing Mix.  And how you combine the 4 P's determines
your marketing strategy.

When I met these people, not one of them could tell me how they were
using the marketing mix.  Although they all had great business cards
with a fancy title.  Their idea of marketing/branding was to waste
money on expensive SuperBowl commercials.  They have nothing left to
show but a fancy sock puppet (pets.com).

Just like the PMP certification for project management.  Every
Recruiter is demanding that project managers have Project management
certification.  In order to get the certification, you need 5 years
Project management experience, but the marketplace has tunnel vision
demanding this piece of paper.  Over time there will be a problem with
this becuase you can't get the paper without the experience, and you
wont be able to get the experience without the paper.

I have a friend who has a Master's degree in Project Management from a
major University.  A recruiter told him he wasn't qualified because he
didn't have the certification.  He had to stop the recruiter and point
out that he had 2 years of study (in addition to his experience),
while those who have the certification, only had weeks of study.  
Hmmm, that tunnel vision again.

jim () eidenreport com


--- InfoSec News <isn () c4i org> wrote:
> Forwarded from: Eric Lee Green <eric () badtux org>
>
> On Wednesday 23 October 2002 11:44 pm, InfoSec News wrote:
> > eyes of a third party is foolish. Haphazardly hiring security
> > personnel on the basis of a certification for which there is not
> > even a standard (such as ISO 17799) is a reckless endangerment of
> > the hiring organization's resources. Furthermore, given the
> > interconnected nature of the Internet, in some cases, this has the
> > real possibility of adversely affecting security across the
> > Internet in general.
>
> Heh. Something I've been saying for years.
>
> > That having been said, I'm happy to announce that I'm going into
> > the certification business. If anyone cares to send me $500 and 
> > copies of
>
> I already beat him to it, in July 2001. See
> http://badtux.org/pooe.pdf for your own free certificate :-).
>
> PS: POOE stands for "Poker Of Overinflated Egos", where said
> "overinflated egos" belong to people who have enough certification
> letters on their business cards to write a novel with. Strange, how
> some of these people can become rather pompous in their insistence
> that nobody uncertified could possibly be competent.
>
> -- 
> Eric Lee Green          GnuPG public key at
> http://badtux.org/eric/eric.gpg



=====
Jim Eiden
Cell: (630) 567-9588
jim_eiden () yahoo com



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.