WebApp Sec mailing list archives

Re: Notes from CISSP class with Dr. Eric Cole


From: dreamwvr <dreamwvr () dreamwvr com>
Date: Wed, 12 Oct 2005 11:40:50 -0600

>IMHO....
>
>The CISSP is strictly a paper certification. The reason that I feel this
>way is that too many people obtain this certification with no real
>security experience.  Over the past 2 years, I have been called in to
>fix security problems that were caused by other CISSPs.
Yes, that is the assessment here as well.
(There have been quite a few waves in IT to stream by since circa the early 80s.)
This seems to be another one, which brings the good, the bad, and the ugly.
FWIW, the days of xbar, G????_Circle && NCSA Mosaic more profound;-)
This was the time when I recall being in the land of giants.

However, here we sit being flamed at for saying it as it is..
(Appreciate the censors filtering out the cruft.)

CISSP became a paper certification the instant it was discovered
that having it superseded those doing their time.
So that is what it is about. It means that the security industry has
not educated the HRs of the world. (We like to create filters to traffic.)
Unfortunately this may set the bar based not on merit alone.
Like other certifications bought by some to bypass experience
we have created another. If it becomes the bar that allows
or denies.. be afraid, be very afraid.

"Myself, I_prefer _to_work_with_those_who_have_a_clue." It should
be one radio button, not the only filter.

Your comments of coming across CISSPs that believe that the
solution to all security issues is found in the same way as
how_wide_they open() their wallet to get CISSP are seriously
misguided.  I have met many who think that they are superior
largely because of the proprietary HW they can afford to buy/play with..
Reminds me of someone trying to argue that Cisco rtrs, switches,
Windows, logging via syslog was somehow so very different
than in Unix. The only way to win was to explain the origins of
the technology. Explaining it was also a protocol, rfc, function,
etc was completely lost. Often wonder how many orgs internally
pay for CISSP cert without the real understandings.

IMO this means we have come full circle. Have we learned anything?
The question has more than one answer..

Best Regards,
dreamwvr () dreamwvr com
