WebApp Sec mailing list archives

RE: Notes from CISSP class with Dr. Eric Cole


From: "Harley David" <David.Harley () cfh nhs uk>
Date: Thu, 13 Oct 2005 08:50:56 +0100

Can we get a little balance back here?

CISSP is not a purely paper qualification that anyone with the
money to take the exam can get. It requires, apart from 
sufficient knowledge to pass the exam, proven experience in
security. What it doesn't require or prove is specialized
technical knowledge and experience in any particular security 
area. 

It's a reasonable requirement for some kinds of managerial
role in itself. It may not be sufficient for a technical
or hybrid manager. It isn't, in itself, always a
sufficient requirement for a technical role, though it
may, in combination with other certification or experience
appropriate to the role, provide necessary reassurance that
the candidate isn't too focused on a narrow area. It doesn't,
in itself, prove the holder's fitness to administer IDS,
or a firewall, or PKI, or pen-testing, or even AV, and
any company that hires people for such roles purely on
the strength of the acronym CISSP is risking (at least)
disappointment (but I'm not sure that companies are
generally so naive). 

What it certainly doesn't do is prove that the holder
is a fraud or incompetent. It's been described as
broad but shallow, but holding it is not proof that the
holder is -or- isn't expert in one or more specialist areas.
It indicates a proven level of knowledge which is sufficient
for some roles and not for others, and I'm not sure it's
productive to attempt to define too closely which roles 
it's sufficient for. That depends on other factors such
as experience, other qualifications, and willingness to
train (or be trained) further.

Could we please get back to web security now?

-- 
David Harley 
