Security Basics mailing list archives
RE: CISSP Question
From: "Simmons, James" <jsimmons () eds com>
Date: Wed, 9 May 2007 12:43:53 -0500
And that is a particularly special case also. If you have to go in front of a jury and prove your validation, that is a valid reason. I knew a professor that did the same thing. The only reason he was still a professor is because he believed that it showed that he not only knew his stuff, but he knew it enough to teach the next generation.

If you are having to deal with image to the general unknowing populace, then of course it makes sense to get a full plumage of alphabets behind your name. It is the association that extra words tacked on to your name convey importance. It is to stand out, and convey yourself as important next to others.

Also I would have to argue, that if you hire someone that isn't already constantly training and learning, (especially in the IT field with its rate of change), and needs a certification to force them, they were not a good choice in hiring.

Regards,
Simmons

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Craig Wright
Sent: Tuesday, May 08, 2007 5:26 PM
To: Simmons, James; security-basics () securityfocus com
Subject: RE: CISSP Question

As a pointy haired manager, it demonstrates that staff are continuing to learn. As a manager, I find that this demonstrates commitment and involvement. At times I will have those doing the training and certification present what they have covered to the group (I know I am mean and nasty). As terrible as it may seem there are always those who state that they have been studying, but don't (though the threat of having to stand in front of your peers can be a good control).

Being able to point out editorial positions, papers etc is valuable I admit, but you can still do the cert and the other.

A part of my role comprises of digital forensic engagements. So having staff gain credentials is good. More the merrier as this helps impress jurists and clients.
You get a lot further with a list of certs than industry networking when you are associating with those who have no involvement with IT security.

Regards,
Craig

Craig Wright
Manager of Information Systems
Direct +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
www.bdo.com.au

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists.

The information in this email and any attachments is confidential. If you are not the named addressee you must not read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received this message in error, please notify the sender by return email, destroy all copies and delete it from your system. Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls. You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy statement, can be found on the BDO Kendalls website at http://www.bdo.com.au or by emailing administrator () bdo com au.

BDO Kendalls is a national association of separate partnerships and entities.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Simmons, James
Sent: Wednesday, 9 May 2007 5:47 AM
To: security-basics () securityfocus com
Subject: CISSP Question

>>Being that they have stated that employment as an Operators etc are not considered as valid experience, I would
>>state that I feel that this would be a role where there is some management, design, consulting or other similar
>>activity involved.

So if you already have 4 years of experience in management, or design, or consulting, what is the value of the CISSP? You are already doing the job that most people who are getting the certification are aiming for. Now of course this is a majority case, as there are people who get the cert for other reasons. But this is all my point.

http://www.securityfocus.com/archive/105/466897/30/210/threaded

Experience in doing the projects, actually getting involved in the industry on your own, is the better way to spend your money than getting a certification.

And here we arrive back at the beginning.

Regards,
Simmons

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Craig Wright
Sent: Monday, May 07, 2007 3:41 PM
To: Simmons, James
Cc: security-basics () securityfocus com
Subject: RE: CISSP Question

I would look at this from the perspective of several of the ISC2 comments.

Being that they have stated that employment as an Operators etc are not considered as valid experience, I would state that I feel that this would be a role where there is some management, design, consulting or other similar activity involved. That is - not just going through the motions as set by another, but actually having input into the process.

As for what the ISC2 would do, this is up to them. They have options, but they have to have these weighted against the alternatives. This is the repercussions of dismissing people against the value of the certificate.
So it is a matter of degree I would hazard to guess.

Regards,
Craig

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Simmons, James
Sent: Tuesday, 8 May 2007 2:48 AM
To: Craig Wright
Cc: security-basics () securityfocus com
Subject: RE: CISSP Question

Craig,

I have to say, that was a well written argument.
It is so refreshing to debate with someone who actually understands the importance of including references. And many of your arguments I just cannot argue with. And you do make very good points.

I guess the mind set where all this begat from was the definition of professional experience for which ISC2 is requiring. I guess a more proper question would be, "What is ISC2 qualifying as professional experience?" My first assumptions were based on definitions and ideas on the difference between an amateur and a professional. Amateur is more of a hobbyist, where a professional is making a living based on the quality of work.

I was also speaking from a platform that they are allowing any sort of experience within the ten domains. I have come to this conclusion based on personal contact with individuals that I have or currently work with that have already been audited. Though granted I was not involved in the process, and cannot say for certain the mood, or perceived mindset of the auditors, I can only draw my conclusions from conversations with individuals where military, enlisted IT staff, and other minor non-managerial roles experience was sufficient enough to obtain the CISSP. (Of which, you can make an argument about enlisted individuals having some leadership / manager experience based on rank and role. But that is another thread altogether.)

So I guess ultimately this question is just one based on perception and risk analysis. If you think one way and are willing to take the risk for a higher paying job, then go for it. I am curious though, as to how certain companies would react. An individual is hired, they obviously passed the test, and have been working for a company for x months, only to be told that there was a mistake regarding what ISC2 regards as experience. Plus, would ISC2 revoke the entire cert, or just bump the individual down to an associate?

Either way, this has been an interesting debate.

Regards,
Simmons