Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: CISSP

From: "Angelacci, Anna M CTR SPAWAR, J616" <anna.angelacci () navy mil>
Date: Thu, 7 Dec 2006 11:08:53 -0500
Noe the education, the certs, the experience, all in one makes you
qualified. Why cry about it when you could be reaching for all the
above? 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Nick Besant
Sent: Tuesday, December 05, 2006 5:45 AM
To: pen-test () securityfocus com
Cc: dfullerton () mantor org
Subject: Re: CISSP


I think it's a worthwhile qualification to have if only from the point 
of view of structured learning.  Unless you've already done a CS or 
equivalent degree, it's unlikely that you'll have covered some of the 
architectural or formal methodologies, practices, standards etc that you

must know to take the CISSP exam.  On-the-job learning is an excellent 
(I'm biased) way to learn all things security but you only tend to 
learn  the technologies etc around the environments you're working with.

I found the learning process, while covering some out-of-date material 
that I'm unlikely to use in future, did cover some additional areas 
which I've since applied to projects to my / my employer's benefit.

So; in summary, I would recommend it if you're looking for a broader 
certification/career path/etc focusing on security.  The breadth (not 
really the depth) of the body of knowledge has provided me with a way to

cement together everything I've learned through working on or personal 
research.   YMMV :)


--
Nick Besant (lists () hwf cc)



dfullerton () mantor org wrote:

Then I wonder if this certification should really have this kind of 
notoriety. Looks like it's not technical and if an 11 years old boy 
can complete this cert ...it's not about security management 
experience either.

Anyone can give me some good reason to acquire CISSP while not being 
related to money and the wannabe marketing-made notoriety?

Personally I done GCIH and GHTQ, the latest is harder and really 
related to penetration testing. I would like some GOOD reason for 
someone in the security field for a while and having others, more in 
deep, technical certification to go on with CISSP.

Should we glorify such things? Tell me more about the exam, the topics



are quite general and may not be totally in line with the exam and the



real knowledge being certified.

Danny Fullerton
---------------
IT Security Specialist, GCIH GHTQ http://www.mantor.org/~northox
Mantor Organization

----------------------------------------------------------------------
--
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE. 
http://www.cenzic.com/products_services/download_hailstorm.php?camp=70
1600000008bOW


------------------------------------------------------------------------


  



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: