Security Basics mailing list archives
RE: CISSP Question
From: "David Harley" <david.a.harley () gmail com>
Date: Thu, 3 May 2007 09:54:06 +0100
They focus on questions that are likely asked on the test. I have even known some of these boot camp companies to focus on areas that are statistically higher to be on the test. This is supposed to be a cert to validate your experience and skill, yes? A cram session that is teaching you new stuff is of no benefit to ISC2 credibility or the employer who will eventually hire the individual, and is not indicative of experience gained in the field.

The CISSP exam is not a direct test of experience or skill, IMHO, though experience and skill won't do the aspiring CISSP any harm. It's a test of security knowledge at a fairly abstract level, rather than of hands-on expertise. It's broad, not deep. Yes, you can cram it. That's the nature of exams, though this one is pretty carefully constructed to weed out rote learners with no real understanding.

Passing the exam is not sufficient to earn the accreditation, though. You have to prove the experience by other means, remember? Is it possible to abuse the system? Of course, though I doubt if it happens as often as you seem to think.

Is it possible to be a CISSP and incompetent? Sure. 20 years of experience doesn't prove competence either. And having the qualification says nothing about your expertise in a given specialism (but there are other certs that test that).

Personally, if I was hiring someone for very specific skills, I'd still like to know they had an overview and an understanding of general principles, and CISSP is one of the better measures of that: it's not -that- easy! But it's a baseline indicator, nothing else. It doesn't mean you're fully qualified to audit, analyse malware, pen-test, administer a given toolset, and so on, any more than a degree in English proves that you're a first-class teacher, novelist, journalist or whatever. It might get you some interviews: it probably shouldn't get you a job, not all on its own, anyway. If employers don't understand this, well, that's the nature of HR....

Do I measure my worth in the security field by my certifications? Of course not. But some of my clients find this one reassuring. And I'm getting tired of feeling I have to apologise for it...

--
David Harley CISSP
Security Author/Editor/Consultant/Researcher
Small Blue-Green World
AVIEN Guide to Malware: http://www.smallblue-greenworld.co.uk/pages/avienguide.html
Security Bibliography: http://www.smallblue-greenworld.co.uk/pages/bibliography.html