Security Basics mailing list archives

RE: CISSP Question


From: "David Harley" <david.a.harley () gmail com>
Date: Thu, 10 May 2007 11:10:15 +0100

"I stand on the belief that you should not have to spend tons 
of money to prove your worth."

PERFECT!!

Indeed. But it's an ideal, not real life. 

Forget the security Certs. Most of us are, in the job market and elsewhere,
to some extent defined by our qualifications, from school level
certifications to first and higher degrees, to all manner of vocational
qualifications. And they nearly all cost money. Of course, we don't always
spend our own money on them: I don't think I've ever spent my own money on a
vocational qualification, or even . I realize that some people do (for
instance, to break into an area where they aren't already working for
someone who's prepared to help them with professional development) and I
think it's unreasonable to suggest that they shouldn't commit money, time
and effort into self-development. The point, though, is that most
qualifications cost someone money, and some of them cost a lot more than
CISSP, GIAC etc. But they're an attempt (however imperfect) to measure
baseline ability by objective criteria. If you're saying that we should
assess others purely by our own instincts and abandon all attempts to assess
objectively, you must have more faith in the human race than I do. 

As for the cost issues, let's remember that it's not cheap to implement
certs, supply training for them, design and implement testing, and so on. In
other words, certifying bodies don't work for free, though not all are
for-profit and keep costs down by using certified volunteers, for example.  

Mr Simmons, I don't use those letters after my name to "prove" that I'm
"important next to others". I use them (sometimes) because some customers,
publishers etc. find it reassuring that I've signed up to a baseline level
of professional development and ethical standards in the field in which I
work. It helps that unlike most of the vocational certs I've picked up over
the years, they compress to an acronym that doesn't bloat my signature.
Since I am not "validated" by an impressive job title or affiliation with a
major corporation, they give a very, very slight indication of where I am in
the food chain. But they don't prove I'm not an idiot. :) 

-- 
David Harley CISSP, Small Blue-Green World
Security Author/Editor/Consultant/Researcher
AVIEN Guide to Malware:
http://www.smallblue-greenworld.co.uk/pages/avienguide.html
Security Bibliography:
http://www.smallblue-greenworld.co.uk/pages/bibliography.html

 


