WebApp Sec mailing list archives

RE: Notes from CISSP class with Dr. Eric Cole


From: "Michael Krzeszkowski" <michaelk () infosecsolutions com au>
Date: Tue, 11 Oct 2005 21:19:24 +1000

Folks,

Knowledge is one thing whilst experience is another. What peeves
me off is the body of so-called professionals who believe they know
everything. I have seen all this before over the past 30 years. It is a
combination of knowledge, experience and diplomacy which succeeds in this
industry. Certification is necessary as is experience. Certification at
least indicates a certain level of capability, knowledge and education (or
training). Experience does not necessarily indicate continued education in
the field as information security changes on a daily basis. What I say to
all the so-called "naysayers" of certification is "get a life and get over
it".

Michael

-----Original Message-----
From: Lyal Collins [mailto:lyal.collins () key2it com au] 
Sent: Tuesday, 11 October 2005 8:17 PM
To: webappsec () securityfocus com
Subject: RE: Notes from CISSP class with Dr. Eric Cole

I apologise if I upset some people.
I occasionally forget that having knowledge to pass an exam doesn't always
equate to having the skills and self-initiative to use that knowledge
effectively to protect systems, applications, infrastructure and data.

Lyal

-----Original Message-----
From: Harley David [mailto:David.Harley () cfh nhs uk] 
Sent: Tuesday, 11 October 2005 1:23 AM
To: webappsec () securityfocus com
Subject: RE: Notes from CISSP class with Dr. Eric Cole


I disagree regarding CISSP and some other certification processes. The
"knowledge measurement" process in this case is based upon knowing
certain terminology and the related definition inside and out as used
by the individuals in the certifying body.

Of course it is. My point is that this applies as a generality, not
specifically to CISSP or MCSE or whatever. You have to make assumptions 
about 'right' and 'wrong' content to mark an exam, and that includes
assumptions about terminology and definitions. Obviously, different
organizations can use variant terminology. Indeed, different people teaching
the same knowledge base may do the same thing wherever there's scope for
divergence. 
 
-- 
David Harley 
NHS Infrastructure Security Manager
Threat Assessment Centre Manager
Malware and Email Abuse Management Specialist
NHS Connecting for Health


