Re: Security Expert Certificates

[jan.muenther () nruns com]

I'm with Steven here - unfortunately, most of the clients aren't overly
knowledgeable in this particular field and thus can't really fathom your
expertise. So they revert to buzzword compliance and the same marketing
mechanisms that makes people buy ISS products fall into place. 

Having a cert like the CISSP doesn't hurt you personally (apart from maybe
the feeling you're wasting your time), but it might help your company get
some more contracts in, which can only be in your vital interest. 
On the other hand, what really amazes me is the reputation this particular
certification still has among a lot of people... 

I'd say it doesn't even hurt a pen tester to have a bit of insight into the
management stuff the CISSP requires (the tech stuff is negligibly lame). On
the other hand, it sure doesn't hurt a person in security management when
they know how to write exploits :)

Cheers, J.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave