Re: Notes from CISSP class with Dr. Eric Cole

[intel96 <intel96 () bellsouth net>]

That was my point! Being a CISSP does not mean that you have the 
technical knowledge to deploy IDS, IPS, firewalls, conducted pentest, 
etc.  It does mean that you have an understanding of the 10 domains that 
the exam covers.


Saqib Ali wrote:

> > The second case involved a pentest where a CISSP had conducted a project
> > for a web portal.  The CISSP told the customer the portal was secure,
> > but the customer had concerns about the quality of the work perform.
> > Again I was called in to check the other CISSP's work and I was able to
> > gain root access in 6 hours.  That customer now checks the background
> > and even tests CISSP before they are allowed to do any work.
> >    
>
> It is not the job of a CISSP to tell if a application is secure (hack
> proof) or not. It is like asking a District Attorney to perform Police
> Detective work. It doesn't work like that. You need a different
> skillset to perform detective work.
> --
> In Peace,
> Saqib Ali
> http://www.xml-dev.com/blog/
> Consensus is good, but informed dictatorship is better.
>
>