Noe the education, the certs, the experience, all in one makes you
qualified. Why cry about it when you could be reaching for all the
above?
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Nick Besant
Sent: Tuesday, December 05, 2006 5:45 AM
To: pen-test@securityfocus.com
Cc: dfullerton@mantor.org
Subject: Re: CISSP
I think it's a worthwhile qualification to have if only from the point
of view of structured learning. Unless you've already done a CS or
equivalent degree, it's unlikely that you'll have covered some of the
architectural or formal methodologies, practices, standards etc that you
must know to take the CISSP exam. On-the-job learning is an excellent
(I'm biased) way to learn all things security but you only tend to
learn the technologies etc around the environments you're working with.
I found the learning process, while covering some out-of-date material
that I'm unlikely to use in future, did cover some additional areas
which I've since applied to projects to my / my employer's benefit.
So; in summary, I would recommend it if you're looking for a broader
certification/career path/etc focusing on security. The breadth (not
really the depth) of the body of knowledge has provided me with a way to
cement together everything I've learned through working on or personal
research. YMMV :)
--
Nick Besant (lists@hwf.cc)
dfullerton@mantor.org wrote:
> Then I wonder if this certification should really have this kind of
> notoriety. Looks like it's not technical and if an 11 years old boy
> can complete this cert ...it's not about security management
> experience either.
>
> Anyone can give me some good reason to acquire CISSP while not being
> related to money and the wannabe marketing-made notoriety?
>
> Personally I done GCIH and GHTQ, the latest is harder and really
> related to penetration testing. I would like some GOOD reason for
> someone in the security field for a while and having others, more in
> deep, technical certification to go on with CISSP.
>
> Should we glorify such things? Tell me more about the exam, the topics
> are quite general and may not be totally in line with the exam and the
> real knowledge being certified.
>
> Danny Fullerton
> ---------------
> IT Security Specialist, GCIH GHTQ http://www.mantor.org/~northox
> Mantor Organization
>
> ----------------------------------------------------------------------
> --
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=70
> 1600000008bOW
>
------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
|