Secure Coding mailing list archives
Announcing LAMN: Legion Against Meaningless certificatioNs
From: jim at manico.net (Jim Manico)
Date: Sat, 21 Mar 2009 12:43:59 -1000
It really depends on what you are hiring for. If we are talking App/Software security - like Gary has said many times - I would rather hire a software guy and train them about security. Doing it the other way around is almost impossible. How can you really do software security if you are a netsec expert with no experience writing real software? This is especially true if you are taking a more strategic approach to software security. And the opposite is true - hiring a coder to lock down a network probably isn't the best hiring choice! =)

What really bothers me is that the CSSLP looks appsec operations focused - not developer SDLC focused (or so I've heard). The SANS cert for software security seems to drill a lot more into actual activities a developer should take in order to write secure code and seems somewhat reasonable to me.

I think a secure software architecture cert would round out current offerings well.

----- Original Message -----
From: Joe Teff
To: SC-L at securecoding.org
Sent: Friday, March 20, 2009 8:38 PM
Subject: Re: [SC-L] Announcing LAMN: Legion AgainstMeaningless certificatioNs

I notice certs like CISSP when hiring. It says the person has a basic understanding of all IS security areas. Nothing more. If someone can't pass the CISSP then I have to wonder why.

-----Original Message-----
From: Paco Hope <Paco at cigital.com>
To: "SC-L at securecoding.org" <SC-L at securecoding.org>
Date: Thu, 19 Mar 2009 11:36:45 -0400
Subject: Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs

On 3/18/09 5:29 PM, "Jeremy Epstein" <jeremy.j.epstein at gmail.com> wrote:

> If you don't have a CISSP, CISM, MCSE, or EIEIO - and you're proud of it

...then I'd say you have an overly simplistic view of the world. Anyone who believes that a credential automatically conveys some magical knowledge that you didn't have before is just as overly-simplistic as someone who disparages all credentials equally. It just isn't a black and white world.
Paco
--
Paco Hope, CISSP, CSSLP
Technical Manager, Cigital, Inc
http://www.cigital.com/
+1.703.585.7868
Software Confidence. Achieved.

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
Current thread:
- Announcing LAMN: Legion Against Meaningless certificatioNs Jeremy Epstein (Mar 18)
- Announcing LAMN: Legion Against Meaningless certificatioNs SC-L Reader Dave Aronson (Mar 19)
- Announcing LAMN: Legion Against Meaningless certificatioNs Goertzel, Karen [USA] (Mar 19)
- Announcing LAMN: Legion Against Meaningless certificatioNs Benjamin Tomhave (Mar 19)
- Announcing LAMN: Legion Against Meaningless certificatioNs Jeremy Epstein (Mar 19)
- Announcing LAMN: Legion Against Meaningless certificatioNs Tom Brennan - OWASP (Mar 19)
- Announcing LAMN: Legion Against Meaningless certificatioNs Paco Hope (Mar 19)
- Announcing LAMN: Legion Against Meaningless certificatioNs Joe Teff (Mar 20)
- Announcing LAMN: Legion Against Meaningless certificatioNs Bret Watson (Mar 21)
- Announcing LAMN: Legion Against Meaningless certificatioNs Benjamin Tomhave (Mar 21)
- Announcing LAMN: Legion Against Meaningless certificatioNs Jim Manico (Mar 21)
- CSSLP Paco Hope (Mar 23)
- CSSLP Rob Floodeen (Mar 23)
- Message not available
- CSSLP Bret Watson (Mar 24)
- Announcing LAMN: Legion Against Meaningless certificatioNs Joe Teff (Mar 20)
- Announcing LAMN: Legion Against Meaningless certificatioNs SC-L Reader Dave Aronson (Mar 19)
- Announcing LAMN: Legion Against Meaningless certificatioNs Gary McGraw (Mar 23)