Full Disclosure mailing list archives

Re: CISSP Test


From: vulcanius <vulcanius () gmail com>
Date: Wed, 23 Mar 2005 00:40:51 -0500

Back in the summer of 2003 I went out to Silicon Valley and met Jeff
Snyder, Sen. Vice Pres of Veridian's security sector (now General
Dynamics by the way) and I was surprised to find out that a little
over half of the employees in their sec. division didn't have any form
of college degree; they only had CISSPs.


On Tue, 22 Mar 2005 21:05:44 -0800, robert () dyadsecurity com
<robert () dyadsecurity com> wrote:
Vladamir(wireless.insecurity () gmail com)@Tue, Mar 22, 2005 at 11:34:35PM -0500:
In my opinion, they should do away with "boot camps", they churn out
paper CCNAs, paper CISSPs, and they're doing nobody any real good.

Why did SANS do away with the practical portion of their (I forgot the
name) exam? I read briefly about it, and it looks (well, looked) like a
lot of fun, how hard would it be?

Set up honey pot w/ snort, ethereal, secured logging server
Advertise "insecure machine"
Sit back, collect packets, write report.

Doesn't sound too hard to me!

Doesn't sound too useful either!

But seriously, most of the "security" industry is sadly broken. It's filled
with well-intentioned people who grossly misunderstand the problem and people
just looking to make a buck wherever they can.

SANS programs have little to do with security.  I'm glad they changed their
policy.  They seem more honest now.

If you want to learn about security, start here:
http://www.acm.org/classics/sep95/
http://www.nsa.gov/selinux/papers/inevitability/
http://www.radium.ncsc.mil/tpep/library/rainbow/

Robert

--
Robert E. Lee
CEO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
