WebApp Sec mailing list archives
Re: Re: Notes from CISSP class with Dr. Eric Cole
From: f_kenisky () earthlink net
Date: 11 Oct 2005 18:01:00 -0000
My opinion on this matter... Both of you are right. If your experience is more valuable than the certification then don't bother with the certification and the other way around. It's half a dozen of one and six of the the other. Whatever lights your pipe. As for myself I had several years of experience and felt that the certification helped me validate that experience both to myself and to those I work for and with. I know it's a strange thing for those of us who went the extra mile it's a strange phenom when after you receive the certification how people tend to think now you have all the knowledge. And those who think you're just full of it. I for one find that there are those few professionals who don't know any more now than before they were certified nor will then know any more now that they are. It's like this one player on my daughters basketball team. She's about as significant as a shadow. No matter what she does or how much she goes to practice she just doesn't get it. She might as well run back and forth on the court cause she provides nothing to the team. However she has become a liability. People (hackers) score on her all the time. Of course she gets frustrated by this but doesn't do any more to improve her skills. She will eventually make Varsity if she stays on the team. But what does that mean? She's got the 'Certification' but then will everyone on the Varsity be judged by the one who is without the necessary skills? The small answer is, YES. As human BEANS, we tend to pass judgement sort of like we elected a President based on propaganda politics. As you can see I hold many of the "SECURITY" Certifications. I've proud of this. I worked hard to get these, they were not handed to me and I didn't just take the test and pass. I studied for three years for all of them. Does that mean I'm dumb? To some... But then it could also mean that I'm determined. It could also mean I have a lot of money and don't have anything else to spend it on. Or that someone else really likes me and spent the money for me. Actually, I fall into the second category. I had to take the exams three different times because I had the experience of working through problems in my practical sense. But there is a reason for a theoretical methodology. What may work in your environment doesn't necessarily work globally. Therefore it pains us to think we have to change our view and think globally. Locally is difficult enough, hey I'm just as guilty. I took the test three times remember. I remember my bitterness after flunking each exam by what, two points or even in one case like one point. DAMN! Who needs to be certified? The funny part of this is that before I was certified I saw a problem with a network configuration. I recommended that management make a change for security reasons. Management just ignored what I said and brushed it off as a security issue too difficult to guard against. After I became certified and mentioned the same problem, Management took action. Now just exactly what did I do different? I've looked into the matter many times and can't figure it out. I don't work for them any more as the certifications help me obtain a greater salary (25g's) more than I was making. Not really putting me up there with Bill Gates but then again I'm not riding the bus these days. I teach for all these certifications I enjoy teaching them. I encourage all the students to forget how they do things and study how the exam's approach is to the issue. The certification doesn't make you a guru. It does however give you a good understanding of information security on a global level. It also (if you get involved with local chapters) gives you an opportunity to meet with others in your field. This part is invaluable! Frank Kenisky IV, CISSP, CISA, CISM Information Technical Security Specialist
Current thread:
- Re: Notes from CISSP class with Dr. Eric Cole, (continued)
- Re: Notes from CISSP class with Dr. Eric Cole Saqib Ali (Oct 05)
- RE: Notes from CISSP class with Dr. Eric Cole Lyal Collins (Oct 05)
- Re: Notes from CISSP class with Dr. Eric Cole Saqib Ali (Oct 05)
- RE: Notes from CISSP class with Dr. Eric Cole Harley David (Oct 10)
- RE: Notes from CISSP class with Dr. Eric Cole Lyal Collins (Oct 10)
- RE: Notes from CISSP class with Dr. Eric Cole Harley David (Oct 11)
- RE: Notes from CISSP class with Dr. Eric Cole Lyal Collins (Oct 11)
- RE: Notes from CISSP class with Dr. Eric Cole Michael Krzeszkowski (Oct 11)
- RE: Notes from CISSP class with Dr. Eric Cole Lyal Collins (Oct 11)
- Re: Notes from CISSP class with Dr. Eric Cole danew123 (Oct 11)
- Re: Notes from CISSP class with Dr. Eric Cole Eoin Keary (Oct 11)
- Re: Notes from CISSP class with Dr. Eric Cole dreamwvr (Oct 11)
- Re: Re: Notes from CISSP class with Dr. Eric Cole f_kenisky (Oct 11)
- Re: RE: Notes from CISSP class with Dr. Eric Cole f_kenisky (Oct 11)
- RE: RE: Notes from CISSP class with Dr. Eric Cole Craig Wright (Oct 12)
- RE: Notes from CISSP class with Dr. Eric Cole PPowenski (Oct 12)
- Re: Notes from CISSP class with Dr. Eric Cole intel96 (Oct 12)
- Re: Notes from CISSP class with Dr. Eric Cole Saqib Ali (Oct 12)
- Re: Notes from CISSP class with Dr. Eric Cole intel96 (Oct 12)
- Re: Notes from CISSP class with Dr. Eric Cole kgp (Oct 12)
- RE: Notes from CISSP class with Dr. Eric Cole Mark Roxberry (Oct 12)
- Re: Notes from CISSP class with Dr. Eric Cole intel96 (Oct 12)
- Re: Notes from CISSP class with Dr. Eric Cole Saqib Ali (Nov 02)