Secure Coding mailing list archives

any one a CSSLP is it worth it?

From: Dave.Wieneke at cunamutual.com (Wieneke, David A.)
Date: Wed, 14 Apr 2010 12:29:49 -0500

 
Having a CISSP certification I know it is more than just passing the
test.  You are not certified as a CISSP until you have another CISSP
attest to your qualifications and you submit a detail resume of your
security experience by domain to (ISC)2 auditors.  If the auditors do
not feel your experience is sufficient you don't get the certification.


I cannot discuss the test or the testing strategy [(ISC)2 CISSP NDA] but
(ISC)2 makes it known that not all the questions on the exam have the
same point value and some questions have no point value at all.

Dave

David Wieneke, CISSP, GSEC, MIT
IT Security Engineer
Security Operations
CUNA Mutual Group
1.800.356.2644 Ext. 7753
Dave.Wieneke at Cunamutual.com
 
Common Purpose. Uncommon Commitment.
 All information contained in this message is privileged, confidential
and intended for the sole use of the individual(s) named above. If you
are not the intended recipient, you are advised that any dissemination,
distribution or copying of this communication is prohibited. If you are
not the addressee or the person responsible for delivering this to the
addressee, or have received this e-mail in error, please notify us
immediately by returning the original message to the sender by e-mail
and deleting the material from any computer, and destroying printed
correspondence. 

-----Original Message-----
From: sc-l-bounces at securecoding.org
[mailto:sc-l-bounces at securecoding.org] On Behalf Of Wall, Kevin
Sent: Wednesday, April 14, 2010 10:25 AM
To: 'Gary McGraw'; Matt Parsons; Secure Code Mailing List
Subject: Re: [SC-L] any one a CSSLP is it worth it?


Gary McGraw wrote...

Way back on May 9, 2007 I wrote my thoughts about
certifications like these down.  The article, called
"Certifiable" was published by darkreading:

http://www.darkreading.com/security/app-security/showArticle.jhtml?artic
leID=208803630

I just reread your Dark Reading post and I must say I agree with it
almost 100%. The only part where I disagree with it is where you wrote:

        The multiple choice test itself is one of the problems. I
        have discussed the idea of using multiple choice to
        discriminate knowledgeable developers from clueless
        developers (like the SANS test does) with many professors
        of computer science. Not one of them thought it was possible.

I do think it is possible to separate the clueful from the clueless
using multiple choice if you "cheat". Here's how you do it. You write
up your question and then list 4 or 5 INCORRECT answers and NO CORRECT
answers.

The clueless ones are the ones who just answer the question with one of
the possible choices. The clueful ones are the ones who come up and
argue
with you that there is no correct answer listed. ;-)

-kevin
---
Kevin W. Wall           Qwest Information Technology, Inc.
Kevin.Wall at qwest.com    Phone: 614.215.4788
"It is practically impossible to teach good programming to students
 that have had a prior exposure to BASIC: as potential programmers
 they are mentally mutilated beyond hope of regeneration"
    - Edsger Dijkstra, How do we tell truths that matter?
      http://www.cs.utexas.edu/~EWD/transcriptions/EWD04xx/EWD498.html

This communication is the property of Qwest and may contain confidential
or
privileged information. Unauthorized use of this communication is
strictly
prohibited and may be unlawful.  If you have received this communication
in error, please immediately notify the sender by reply e-mail and
destroy
all copies of the communication and any attachments.

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc -
http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC
(http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

Current thread:

any one a CSSLP is it worth it? Matt Parsons (Apr 12)
- any one a CSSLP is it worth it? Mike Lyman (Apr 13)
- any one a CSSLP is it worth it? Gary McGraw (Apr 13)
  - any one a CSSLP is it worth it? Wall, Kevin (Apr 14)
    - any one a CSSLP is it worth it? Wieneke, David A. (Apr 14)
    - any one a CSSLP is it worth it? Paco Hope (Apr 14)
    - any one a CSSLP is it worth it? Dana Epp (Apr 14)
    - any one a CSSLP is it worth it? Wall, Kevin (Apr 14)