Security Basics mailing list archives
RE: CISSP Question
From: "April Carson" <ACarson () HNTB com>
Date: Thu, 10 May 2007 07:46:07 -0500
Good points. However if someone was going to invest money into their skills, I would be more impressed with someone who purchased a router and set one up at home. This shows initiative, drive and a willingness to learn. Just because I have a drivers license and drive fast does not mean I am a racecar driver. Someone who hammered through a boot camp to get the certification but never put his or her hands on the equipment may not be a skilled network administrator or security specialist. They might just be someone who can memorize a large amount of information. Ultimately, I believe you should find the job you want to have and research what THEY require. If they want a degree and you get a certification then perhaps you wasted your time. I do not believe there is a hard and fast answer to this discussion of degree vs. certification. However, the discussion was interesting and fun! As always, -April -----Original Message----- From: David Harley [mailto:david.a.harley () gmail com] Sent: Thursday, May 10, 2007 5:10 AM To: April Carson; 'Simmons, James'; 'Yousef Syed' Cc: security-basics () securityfocus com Subject: RE: CISSP Question
"I stand on the belief that you should not have to spend tons of money to prove your worth." PERFECT!!
Indeed. But it's an ideal, not real life. Forget the security Certs. Most of us are, in the job market and elsewhere, to some extent defined by our qualifications, from school level certifications to first and higher degrees, to all manner of vocational qualifications. And they nearly all cost money. Of course, we don't always spend our own money on them: I don't think I've ever spent my own money on a vocational qualification, or even . I realize that some people do (for instance, to break into an area where they aren't already working for someone who's prepared to help them with professional development) and I think it's unreasonable to suggest that they shouldn't commit money, time and effort into self-development. The point, though, is that most qualifications cost someone money, and some of them cost a lot more than CISSP, GIAC etc. But they're an attempt (however imperfect) to measure baseline ability by objective criteria. If you're saying that we should assess others purely by our own instincts and abandon all attempts to assess objectively, you must have more faith in the human race than I do. As for the cost issues, let's remember that it's not cheap to implement certs, supply training for them, design and implement testing, and so on. In other words, certifying bodies don't work for free, though not all are for-profit and keep costs down by using certified volunteers, for example. Mr Simmons, I don't use those letters after my name to "prove" that I'm "important next to others". I use them (sometimes) because some customers, publishers etc. find it reassuring that I've signed up to a baseline level of professional development and ethical standards in the field in which I work. It helps that unlike most of the vocational certs I've picked up over the years, they compress to an acronym that doesn't bloat my signature. Since I am not "validated" by an impressive job title or affiliation with a major corporation, they give a very, very slight indication of where I am in the foodchain. But they don't prove I'm not an idiot. :) -- David Harley CISSP, Small Blue-Green World Security Author/Editor/Consultant/Researcher AVIEN Guide to Malware: http://www.smallblue-greenworld.co.uk/pages/avienguide.html Security Bibliography: http://www.smallblue-greenworld.co.uk/pages/bibliography.html This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are NOT the intended recipient or the person responsible for delivering the e-mail to the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing or copying this e-mail is strictly prohibited.
Current thread:
- RE: CISSP Question, (continued)
- RE: CISSP Question David Harley (May 04)
- RE: CISSP Question Craig Wright (May 07)
- RE: CISSP Question Elizabeth Tolson (May 07)
- RE: CISSP Question David Harley (May 08)
- RE: CISSP Question Craig Wright (May 08)
- CISSP Question Simmons, James (May 08)
- Re: CISSP Question Yousef Syed (May 09)
- RE: CISSP Question Simmons, James (May 09)
- RE: CISSP Question April Carson (May 09)
- RE: CISSP Question David Harley (May 10)
- RE: CISSP Question April Carson (May 10)
- RE: CISSP Question David Harley (May 10)
- RE: CISSP Question April Carson (May 10)
- RE: CISSP Question David Harley (May 10)
- RE: CISSP Question David Gillett (May 10)
- RE: CISSP Question David Harley (May 10)
- Re: CISSP Question Yousef Syed (May 09)
- RE: CISSP Question Eric Zatko (May 10)
- RE: CISSP Question Ruiz, Michael S. (Security) (May 10)
- RE: CISSP Question David Gillett (May 10)
- RE: CISSP Question Craig Wright (May 10)
- RE: CISSP Question April Carson (May 10)