WebApp Sec mailing list archives
RE: Notes from CISSP class with Dr. Eric Cole
From: "Harley David" <David.Harley () cfh nhs uk>
Date: Thu, 13 Oct 2005 08:50:56 +0100
Can we get a little balance back here? CISSP is not a purely paper qualification that anyone with the money to take the exam can get. It requires, apart from sufficient knowledge to pass the exam, proven experience in security. What it doesn't require or prove is specialized technical knowledge and experience in any particular security area.

It's a reasonable requirement for some kinds of managerial role in itself. It may not be sufficient for a technical or hybrid manager. It isn't, in itself, always a sufficient requirement for a technical role, though it may, in combination with other certification or experience appropriate to the role, provide necessary reassurance that the candidate isn't too focused on a narrow area. It doesn't, in itself, prove the holder's fitness to administer IDS, or a firewall, or PKI, or pen-testing, or even AV, and any company that hires people for such roles purely on the strength of the acronym CISSP is risking (at least) disappointment (but I'm not sure that companies are generally so naive).

What it certainly doesn't do is prove that the holder is a fraud or incompetent. It's been described as broad but shallow, but holding it is not proof that the holder is -or- isn't expert in one or more specialist areas. It indicates a proven level of knowledge which is sufficient for some roles and not for others, and I'm not sure it's productive to attempt to define too closely which roles it's sufficient for. That depends on other factors such as experience, other qualifications, and willingness to train (or be trained) further.

Could we please get back to web security now?

--
David Harley