Re: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE)

[Pete Herzog <lists () isecom org>]

Hi David,

> The CISSP credential is not a networking credential.  It is a general
> security credential showing mastery of all aspects of security, not an
> in-depth knowledge of one.  A CISSP would be expected to serve in an

I think "mastery" includes capability and not just knowledge thereof.  To 
master something means to be at the top of a craft.  It means to know 
something deeply and to be able to apply that knowledge broadly.  I 
disagree that a CISSP shows a mastery of all things security.

> advisory or audit capacity and not in a network engineer capacity.  The

Just broad knowledge of security best practices to apply broadly where one 
sees them is unhealthy to any organization.

> If a CISSP with no experience is applying for a networking job then
> shame on them.  If you hire a CISSP for a networking job when they have
> no specific networking experience then shame on you.

And yet they do all the time.  Many of us know many CISSPs who didn't have 
the experience, were able to fudge it, and were able to get their 
certification without having any problem finding another CISSP vouch for 
them. Talking a solution does not show successful implementation of one.

> Credentials can only be looked at to strengthen the credibility of a
> person's resume, not to create credibility where this is no experience.

Not true. Certification can provide those lacking experience to show 
ability and be an asset to an organization in that particular field. So it 
can show credibility where no experience exists. People already do this now 
looking to switch job descriptions, need to learn a specific aspect of a 
job, seek to enhance current ability, or to improve their marketability for 
new jobs.

> Either way if you are going to criticize things in public you should
> know what you are talking about or you will just point out to everyone
> that you don't know the industry as well as you think.

I agree with that statement however I also think putting on rose-colored 
glasses does not make the current industry on-goings any rosier for other 
people who end up being the victims instead of the benefactors of security.

-pete.

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------