Full Disclosure mailing list archives
Re: RES: CISSP Test
From: "SecurityLSI" <security () lan-slam com>
Date: Sat, 26 Mar 2005 01:26:36 -0500
I wholeheartedly agree that there needs to be an industry benchmark, something that says you cannot operate in this field unless you have passed x. I'm thinking along the lines of something similar to the Bar exam that lawyers have to take, or perhaps a license like what doctors are required to obtain before being able to practice. I fear its going to take something of that level to truly separate the chaff from the wheat. Anything less and you only end up with braindumps and bootcampers throwing resume after resume at you. The added bonus of having an industry benchmark that bars entry into the field tracks to something a mentor once told me: people that belong to unions drive Chevys and Fords. Those that belong to associations drive BMWs and Mercedes. --Joe ----- Original Message ----- From: "Vladamir" <wireless.insecurity () gmail com> To: "Jose Ribeiro Junior" <ribeiro () microcity com br> Cc: <> Sent: Wednesday, March 23, 2005 1:52 PM Subject: Re: RES: [Full-disclosure] CISSP Test
CCIE is where it's at. I love writing practice tests, but I'm only 20, so what do I know Jose Ribeiro Junior wrote:Hi Friends, What you think about CCIE certification model, practice and write tests
?
I think that is a good model to Security Certifications. But, can you create a practice tests not using especific vendors ? -----Mensagem original----- De: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk]Em nome de Vladamir Enviada em: quarta-feira, 23 de março de 2005 14:23 Para: DAN MORRILL Cc: full-disclosure () lists grok org uk Assunto: Re: [Full-disclosure] CISSP Test Very good points, so.. who wants to start writing to the mentioned organizations about this? DAN MORRILL wrote:I think in reading the multiple threads on this issue, there there are a number of perspectives on the value of the CISSP. What was most interesting was the CEO's perspective. Since the CISSP is a boot camp, and the SANS is bootcampable in the longer run with the removal of the practicle. The real question is working towards a certificate that demonstrates ability to work in the security arena, one that is really hard to get, and one that really tests the ability to do the work. While CISSP and SANS are great to have as a resume filter, it does not imply that anyone with either certificate to their name can actually do the work. What I am seeing is that many people are going for these, and have them, but had them a result from an IDS system, or ask them to do a security design for either a network or a chunk of code, the ability to actually perform the task is not there, even though they have the certificate. Personally, I believe the community needs something, certificate, degree, internship, what ever, that actually means you can perform competently in the security arena. That there is a skill set there that the entire community agree's upon is the minimum recommended skill set to work in this field. If we had something like that, then any school that is pumping out Bachelors of Information Security folks would have a standard. Anyone building a bootcamp or certificate program would have an agreed upon community standard to work with. ISC2, ISSA, WSA, SANS, et al. Could build a board in conjunction with the community, develop the minimum qualifications to work in the field, and actually accomplish something once they have been certified or degreed. NSA has been hugely successful in developing security schools through James Madison, Boise, et al. But they have to agree to and teach to the minimum standard that NSA has put together to meet the needs that NSA has identified. I think until we as a community agree upon a minimum standard, apply it consistantly across the board much like doctors, lawyers, social workers, and other degreed or licensed professionals, we will continue to have this debate until the house burns down. As security professionals, as security folks, we have the same ability to either do good, or do harm as any other profession does. We need to understand this, and begin working towards skill sets either certificate or degree that actually mean something useful at the end of the day. My thoughts, flames invited. r/ Dan Sometimes MSN E-mail will indicate that the mesasge failed to be delivered. Please resend when you get those, it does not mean that the mail box is bad, merely that MSN mail is over worked at the time.From: "Clement Dupuis" <cdupuis () cccure org> To: <robert () dyadsecurity com>,"'Vladamir'" <wireless.insecurity () gmail com> CC: full-disclosure () lists grok org uk Subject: RE: [Full-disclosure] CISSP Test Date: Wed, 23 Mar 2005 06:45:47 -0500 Robert E. Lee wrote: "SANS programs have little to do with security. I'm glad they changed their policy. They seem more honest now." Good day Robert, Honesty is a very neat goal to achieve, however it has many facets. I lately learned (under all reserve, please correct me if you know otherwise) that SANS no longer has any NON PROFIT portion left. They used to be registered as a non-profit entity in the state of Maryland but it seems that it was dissolved. Technically we could say there is no SANS Institute left anymore as we knew it on the non profit side. After
they
dissolve SANS they created a FOR PROFIT corporation called ESCAL which registered the names used in the non-profit as trademarks for their new for profit organization. Even thou you see the name GIAC and SANS being
used
everywhere, they are all trademark (not organizations) of the new privately owned company. Principals at SANS have NEVER claimed to be non-profit, it is a myth that we the people that have been dealing with SANS for a long time (since the time they were non profit) have been propagating. We have been keeping this myth alive simply because we did not know any better and we did not know that the non-profit was dissolved. It was done without any noise or public announcement to the people that were already certified. So they NEVER lied but they never went to any length to inform people of the real and current status of their corporation activity. Most people
think
that GIAC is non profit which is not the case anymore and this better explains the decision of dropping the practical requirement: it does
not
generate money and it is not a good business decision to keep something alive that will become a drain on the bottom line. Which is a bit contrary to the reason given of improving the overall state of the security community :-) Take care Clement _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ Esta mensagem pode conter informacao confidencial e /ou privilegiada. Se
voce nao for o destinatario ou a pessoa autorizada a receber a mensagem, nao pode usar, copiar ou divulgar as informacoes nela contidas ou tomar qualquer acao baseada nessas informacoes. Se voce recebeu esta mensagem por engano favor avise imediatamente ao remetente respondendo o e-mail e em seguida apague-o. Agradecemos sua cooperacao
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RES: CISSP Test Jose Ribeiro Junior (Mar 23)
- Re: RES: CISSP Test Vladamir (Mar 23)
- Re: RES: CISSP Test SecurityLSI (Mar 26)
- Re: [OT] CISSP Test Anders Langworthy (Mar 26)
- Re: RES: CISSP Test R Mondesir (Mar 29)
- Re: RES: CISSP Test DAN MORRILL (Mar 29)
- Re: RES: CISSP Test J. Oquendo (Mar 29)
- Re: RES: CISSP Test SecurityLSI (Mar 26)
- Re: RES: CISSP Test Vladamir (Mar 23)