Re: Re: CISSP

[shyaam () gmail com]

Dear All,

> From this thread it is clearly seen that this conversation is a vicious cycle. Previously the same happened for some 
> other Cert and it keeps happening like this for ever. Why cant someone ever think about reality for a while.

Certs are something in paper that tells the recruiter that you know the basic stuff that you have to know to enter a 
position. It is the minimal need or requirement. A cert is not compared to a degree or anything else. Certs just prove 
that you are UP-TO-Date on your skillsets which you quote in your resume. If you have a CISSP cert and if you write 
your skill sets to be “Plumbing and drilling”, it doesn’t make sense, right. As in I donot mean to say that other 
technology people cannot write certifications, it is just something that is essential when you are looking for that 
particular field. It shows that you have the basic knowledge of what you need to know in that field. It doesn’t show 
how much skills you have and to what level. CCIE is completely different. If you don’t know everything about CISCO 
stuff, you cannot pass the exam as it is a 100% laboratory experiment including questions and stuff that are based on 
real life scenarios. If the same is repeated in question p
 aper format, then it is not a “Pro” like CCIE. It is only “Basic” knowledge. 

There are many of them in this list who has passed certs by using bootcamps and dumps. Do you expect them to know 
everything as a 50 yr old experienced guy in the SAME field. I don’t think so. Experience is the best, and if not certs 
show that you have the basic knowledge in your field. Unger grad and grad shows that you have had the patience to 
manage the education and your foundations are stronger in Computer Science or the degree you have chosen in. Without 
foundations, pillars wouldn’t stand. Foundations are most important for anything. It may be achieved by years of 
experience or by proper education. If you tell that “you were born intelligent and education made you a fool”, then 
understand that you are a fool for thinking like that and count the number of years you will be on the same level or go 
down in your level. 

Being modest is the best, accepting truth is even better. Self evaluation is best judgmental of what skills you 
possess. Being truthful on your experience and as well on the skill sets will help the security community keep clean. 
If you lie to the organizations that you possess experience and skill sets just because the community pays a lot of 
money, you are only shedding filth into the community. It is not going to help “Securing” anything. It is better to be 
honest and with good attitude. I am sure that this email may be offensive and the moderator may not even initiate in 
forwarding it. But the truth is not in what you have in the paper format, “has it entered into your brain” and if the 
answer is yes, “are you good enough in using that when situation arises”, it is the best if that is the case. Knowing 
the SOLUTIONS alone doesn’t help. Similarly, having the skills alone doesn’t protect anything. Using it at the right 
time at the right place in the right direction is the b
 est for improving the Security community.

Think about it once again and if you feel that you are not yet good enough for securing stuff, get back to the 
fundamental jobs of programming and networking and get more foundations as you can. If people talks high-level jargons, 
it doesn’t mean that they know stuff. It only means that their failure is seen soon. It is good to know stuff, but it 
is not always good to think in higher order. It is good to be very basic at your thoughts as that are the place of most 
weaknesses. Finding the weakness if the most essential part in the field of security.

Good Luck and Merry Christmas.

Shyaam