Penetration Testing mailing list archives
RE: CISSP-ISSMP
From: "Levenglick, Jeff" <JLevenglick () fhlbatl com>
Date: Tue, 9 May 2006 15:51:33 -0400
Annnie, 1) As you pointed out. Your peers have jobs and are doing the same work, just without certs. Ie: they did not need a cert to get the same job you have. 2) CCNA,CNE...ect all popular at one time. Worthless now. My point.. Someone made money off the test. In Nathaniel's case, his company is taking advantage of the cert craze and charging more. Does it mean the tech showing up is worth more or had the time to study a self help book? Btw.. I do not hate all of the fly-by-night certs. I still happen to think the only real cert out there is from Cisco. CCIE is not something that You can just pick up a book and take the test. (part one anyway.. Part two is hands on) -----Original Message----- From: Angelacci, Anna M CTR SPAWAR, J616 [mailto:anna.angelacci () navy mil] Sent: Tuesday, May 09, 2006 08:22 AM To: Nathaniel Hirsch; Mohamed Abdel Kader Cc: pen-test () securityfocus com Subject: RE: CISSP-ISSMP I disagree Nathaniel. I work with peers that do not have the CISSP. They do know how to fill out templates required for submission of an SSAA, but they have no clue about application of security controls and attributes. They can't even complete a proper sentence if were not for a spelling and grammar checker. They can run the scanners, mitigate the risks based on the STIG references, but still have no clue what they are doing. I lucked out by getting an NSA test bank for the CISSP. If I did not have 7 years experience plus, in scanning networks, I would have failed. I also must admit, I am an MCT, CCNA, CNE, Dell Certified Server Tech, a 3COM Certified Fiber Installer, have over 238 college credits, and have worked for 27 years in the field. The CISSP does only test you on security attributes if that is the test bank you were lucky enough to draw. The test banks are designed to test you on application of the attributes, not application of the DITSCAP. The point to remember in all this is," Not one single person knows it all!" Working as a team and not bashing your peers is a formula for success, not just certs. Annie -----Original Message----- From: nat () morgothan com [mailto:nat () morgothan com] On Behalf Of Nathaniel Hirsch Sent: Monday, May 08, 2006 4:19 PM To: Mohamed Abdel Kader Cc: pen-test () securityfocus com Subject: Re: CISSP-ISSMP I recently got my CISSP. The company that I work for paid for me to go to a class, and take the test assuming I passed. If I failed then the $500 would be on my nickle. Thankfully I did not fail. The main reason they wanted me to get my CISSP is now they can charge more for the work they contract me out to, this and you need it or some other equivalent to do level 3 and 4 DITSCAP testing. As for an ROI after I passed a got a 15% raise which was nice, but I was also up for a raise, so I can not tell you how much that was due to the CISSP, and how much was due to my overall performance at the company. Personally I feel that the exam and certification process is a waste of time, and so does everyone else at the company, but they are needed, or so they say. However we have a guy who works here who is a CISSP and a CEH(certified ethical hacker), and to be truthful, he is quite possible the most worthless tester I have ever had to work with, and everyone else in the office knows this. So having the cert doesn't make you good, and doesn't prove to anyone that you have experience or skill. It just proves that you can pick the correct answer out of a four possible answer on a 250 question multiple choice exam. As for giving an out of 10 scale for everything you mentioned I guess they would all be 5s because it all really depends on a lot of other things. As for what job its good for, I would have to say more managerial then anything else. The topics covered are really only puddle deep, not enough to know whats going on, just enough to know that it is going on though. Nathaniel Hirsch, CISSP Xacta Corporation 656 Shrewsbury Ave. Shrewsbury, NJ 07702 On 5/8/06, Mohamed Abdel Kader <makster12 () hotmail com> wrote:
Hi all, I was wondering if anyone out there did the CISSP-ISSMP concentration.
I want to know the value added in the areas listed below, in an out of
10 scale for example: Total ROI Career Advancement Industry Demand Raise Potential Suitable for what job/position (not an out of 10 answer of course :)) I also want to know the material to study from. Thanks a million. MAK ---------------------------------------------------------------------- -------- This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications
continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your
application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm
your
results from other product. Contact us at request () cenzic com for
details.
------------------------------------------------------------------------ ------
------------------------------------------------------------------------ ------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------ ------ ------------------------------------------------------------------------ ------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------ ------ ----------------------------------------- This e-mail message is private and may contain confidential or privileged information. ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- Re: CISSP-ISSMP, (continued)
- Re: CISSP-ISSMP Nathaniel Hirsch (May 08)
- Message not available
- Re: CISSP-ISSMP Nathaniel Hirsch (May 09)
- Message not available
- Re: CISSP-ISSMP intel96 (May 09)
- Re: CISSP-ISSMP Pete Herzog (May 10)
- Re: CISSP-ISSMP Nathaniel Hirsch (May 08)
- RE: CISSP-ISSMP Levenglick, Jeff (May 08)
- Re: CISSP-ISSMP Bob Radvanovsky (May 09)
- RE: CISSP-ISSMP Angelacci, Anna M CTR SPAWAR, J616 (May 09)
- Re: CISSP-ISSMP Nathaniel Hirsch (May 09)
- RE: CISSP-ISSMP Williamson, Clyde (May 09)
- Re: CISSP-ISSMP Nathaniel Hirsch (May 09)
- RE: CISSP-ISSMP Arley Barros Leal (May 09)
- RE: CISSP-ISSMP Levenglick, Jeff (May 09)
- RE: CISSP-ISSMP Craig Wright (May 09)
- RE: CISSP-ISSMP Benson, Sean M (May 10)
- RE: CISSP-ISSMP Serge Vondandamo (May 11)
- RE: CISSP-ISSMP Benson, Sean M (May 11)
- RE: CISSP-ISSMP McLaurin, Timothy (May 11)
- RE: CISSP-ISSMP Serge Vondandamo (May 12)
- RE: CISSP-ISSMP David Gutierrez (May 12)
- RE: CISSP-ISSMP Omar A. Herrera (May 12)
- RE: CISSP-ISSMP Benson, Sean M (May 12)
- accredited schools J Kalberg (May 12)