Penetration Testing mailing list archives

Re: Re: CISSP


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 27 Dec 2006 21:24:03 +0000 (UTC)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 27 Dec 2006, Rob Meijer wrote:

On Tue, 19 Dec 2006, R. DuFresne wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 4 Dec 2006, dfullerton () mantor org wrote:

Then I wonder if this certification should really have this kind of notoriety. Looks like it's not technical and if an 
11-year-old boy can complete this cert ...it's not about security management experience either.

Can anyone give me some good reason to acquire CISSP while not being related to money and the wannabe marketing-made 
notoriety?

To get hired.  It's a requirement for most companies seeking security
folks, some companies will hire you without, if you can show experience
in the field, and require you get one shortly after being employed, and
for any of the agencies that assist with those seeking employment in the
field.  If you are seeking experience in the field by hiring thru agencies
that will market you for security type work, a CISSP is a must, in most
cases upfront to get a foot in the door.

To me it sounds like you got it backwards.
It is large quantities of 'skill and experience' that is a requirement,
and some companies will hire you without if you have certifications like
CISSP and they are on a tight budget.

I would suggest using the following rules of thumb with respect to
certifications:

* less than 5 years relevant experience: get certified, if not for the
 knowledge, get them to get paid more!
* more than 10 years of relevant experience: certification is
 completely useless, don't bother.
* 5 to 10 years relevant experience and an empty or not fully verifiable
 resume: get certified, it compensates.
* 5 to 10 years relevant experience and a verifiable resume with some
 highlights in it: if you really want a specific job that requires it,
 then get certified, otherwise, find an employer that does appreciate your
 skills and experience.


Which might well work, if one could get around HR weenies and the pre-screening agencies that many companies rely upon these days. But yes, this was a valid route to consider back about 10-15 years ago. Times change and sometimes not for the better....


Thanks,

Ron Dufresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFkuR3st+vzJSwZikRAomNAKCFejZP3BDnYs2I13hkVFcRwPik3gCgqD/u
aEIshz1o81j5G89tiDC0i5c=
=E4lF
-----END PGP SIGNATURE-----

