Penetration Testing mailing list archives

Re: OSCP


From: "Andre Gironda" <andreg () gmail com>
Date: Wed, 3 Dec 2008 16:26:15 -0700

On Wed, Dec 3, 2008 at 11:52 AM, Al Rivas <ARivas () hyphensolutions com> wrote:
> I've been away for a while and so catching up today and noticed the idea that the CISSP required 5 years information
> security experience

CISSP is sad the more I think about it.

Since all corporate and government security has gone the way of
compliance, it's best to just hire certified individuals e.g.

SOX -> CISA
PCI-DSS -> CPISA
ISO 27K (and everything else) -> ISO 27K Lead Auditor (often referred to as LA)

If you actually do real security, OSCP is a bullshit cert just like
CEH, CNOP, SCNA, GSE, et al.  Anything SANS or ISC2 is crap.  All of
these certs mean absolutely nothing if you dig deep into the actual
meaning behind them.

I would hire an [recent] OPSA or ISO27K LA over pretty much anything
else, if forced to hire based on certifications.  I would consider NSA
IAM/IEM certified people if ISECOM or ISO certified individuals aren't
available.  These certifications have merit because there is real
operational security value behind them, and they are up-to-date with
the real world.

Cheers,
Andre
