WebApp Sec mailing list archives

Re: RE: RE: Notes from CISSP class with Dr. Eric Cole


From: f_kenisky () earthlink net
Date: 12 Oct 2005 12:40:30 -0000

Hummmm...

Interesting but it's not funny if you have to explain the punch line.

I'm not trying to be mean or ridicule your comment.  I will try to explain.  About four years ago MS began to realize 
that secure coding was important.  This after years of trial and error.  They (MS) never really gave "security" much 
thought.  Then after being prodded by the industry they decided to go in the direction of "secure coding" without any 
more knowledge than they did before.

They hired someone with vast knowledge in a field unrelated to 'infosec' and put them in charge of 'secure coding'.  
This isn't considered in any security course (if you paid attention in class) the correct method of doing things.  
(Please don't take this as a direct slam at your lack of MS knowledge but more like a Discovery Channel Special).

Then because of industry pressure MS decides to offer a MS 'Security' Certification.  Hummmm...

Interesting that they don't think someone holding a CISSP, CISA or a CISM is qualified to teach MS Security.  So the 
logic behind this knee-jerk reaction to the industry is that MS knows how it "WANTS" to do security, not how the 
industry demands it should be done.

Of course, I'm only providing you the punch line so you can get the joke; don't take this personally.  What I find 
interesting is that if you've ever taken a SANS security course in the beginning (and I mean when SANS first started 
out, before it ever offered the "G" certifications), the people offering the classes had "0" certification.

Stephen Northcutt, Alan Pallard and many others who are currently teaching classes.  Now what made them have the 
knowledge to create the "G" certifications and how could they have taught CISSP classes without a CISSP?  But you don't 
see the humor in the fact that MS required someone to be MS "security" certified before it could teach one of its 
classes.

Now that's funny!

Frank Kenisky IV, CISSP, CISA, CISM
Information Systems Security Specialist

