Firewall Wizards mailing list archives
Re: Trust validation of programmers
From: "Bruce K. Marshall" <bkmarsh () feist com>
Date: Tue, 07 Jul 1998 15:32:47 -0500
tqbf () pobox com wrote:
CISSP cert does look good on your resume. (How is the non-security
Not everywhere. In places staffed with savvy security people, having "CISSP" on your resume may put you at a distinct disadvantage (you will wind up having to demonstrate to your potential employer that you are not a clueless certificate weenie).
Let's realistically qualify that statement by changing it to "In _some_ places..." My experiences have shown the converse to be true (whether justifiably so or not).
Certification tests have absolutely nothing to do with the ability to perform well as a security consultant.
I can agree with this only somewhat. A multitude of factors affect whether you will perform well as a security consultant including your personality, geographic location, certifications, ability to innovate/improvise, employer, education, area of focus, etc.. It's easy to single out one of these factors and say it doesn't have any value in a given situation. Certification tests DO have a lot do to with your ability to learn the materials such tests cover and how well you take tests in general. This ranges in value from certification test to certification test. One could argue that because I knew what X* was for the 250 questions on my CISSP exam I've improved my value as a security consultant and shown an inclination towards being successful. Nonetheless, this doesn't qualify me to install/secure/design firewalls, servers, networks, applications or anything else that the test doesn't cover. Assuming otherwise is your own fault. And to be further honest, one could spend around $3,000 on sending a reasonably intelligent person with no security experience to the CISSP review seminars and expect a good score on the following exam. But unlike most vendors or associations, the (ISC)^2 discourages this by requiring prior, verifiable experience in the industry along with continued proof of education & activities. I obviously have a vested interest in showing the value of a CISSP certification, but I think my opinions are founded in simple logic and reality. I can't speak as highly for the other certifications I hold or have seen in our industry. On a topic related to the original note, I don't think it was here that I recently read news about Texas looking into requiring/advising programmers to be state licensed. Can anyone provide a link to such information? * With "X" being any piece of information from the ten diverse domains being tested over on the CISSP exam. Check out http://www.isc2.org for more details. -- Bruce K. Marshall, CISSP - bkmarsh () feist com - Feist Communications 2424 S. St. Francis - Wichita, KS 67216 - 316-264-2248
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: Trust validation of programmers ark (Jul 01)
- Re: Trust validation of programmers Rachel Rosencrantz (Jul 02)
- Re: Trust validation of programmers Roger Marquis (Jul 07)
- Re: Trust validation of programmers tqbf (Jul 07)
- Re: Trust validation of programmers Bruce K. Marshall (Jul 07)
- <Possible follow-ups>
- RE: Trust validation of programmers Burden, James (Jul 08)
- RE: Trust validation of programmers ark (Jul 12)
- Re: Trust validation of programmers Rachel Rosencrantz (Jul 02)