This is a cryptographically signed message in MIME format. --------------msC45EFBFEC64684B77C0E3C2C Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Paul D. Robertson wrote: > I seriously questioned the real-world value of such certifications > based on my experiences with the people who held them. I know folks who > have them who are _seriously_ missing pieces of the real-world puzzle. > Some of them are fair at the business side things, but I've yet to meet a > certificate holder who impressed me because of the certifcation > process, or other than one case, their grasp of real-world security problems. > > In the ensuing time since this went around, I've met another couple of > holders, one of whom I would actually trust to do real-world > evaluations of my networks. All the experience and knowledge said person gleaned > that made them meet my criteria was prior to them even considering the > test. And this really is the criteria that certifications focused on in the beginning. A CDP or CNE was supposed to be a standard of proving that you had experience in your given field. Of course, people who didn't have this experience also wanted to become certified so vendors/organizations designed courseware to "supplement" a person's knowledge and essentially prepare them for the exam. Some trainers still mention (tongue-in-cheek) that this course is for education and not to prepare you for a test, others have dropped the charade altogether. In my opinion, some courseware has continued to lower their requirements for prior knowledge so that you really only need to be familiar with using a mouse and keyboard to become a certified something. The term "paper" CNEs/MCSEs/etc. has gained popularity among those of us having experienced the real lack of knowledge among some certified individuals. After all, what is that rule about learning and retention? Something like you lose 50% after a few weeks or so. It takes real world experience to be able to truly understand and utilize computer concepts. The more the better, since everything tends to have some relation in computing. Certification isn't necessary to do this, but with some people it helps to put the point across in the beginning (or on resumes). Obviously this depends on your prior experiences with certified individuals, as you state. > If your resume came accross my desk, and you had certification but not > experience, it wouldn't mean much to have the certification. If you > had experience but not certification, it wouldn't mean much not to > have the certification. The (ISC)^2 has been fairly sensitive of this fact and tries to address it through several measures. Foremost is their requirement that you have at least 5 years of related experience in the information security industry before you can take the CISSP exam. This doesn't stop people from lying, but they would risk possible detection and certification stripping. Ongoing education and training is also required for you to maintain your certification. Over a three year period a certified individual must earn 120 Continuing Professional Education credits (CPEs) through a variety of methods. Essentially things like attending classes, conferences, teaching, writing articles/books, self study, submitting new exam questions, or retaking the exam all count towards earning CPEs. Plus, they limit how many CPEs you can earn doing certain activities. More info on this can be found at http://www.isc2.org/recert.htm The biggest complaint about the (ISC)^2 and the CISSP exam is the age of the material (it does have a slight mainframe slant due to the founder's own experience) and the quality of the exam. I understand that since I sat for the exam some significant steps (including an open two day meeting to review questions) have been taken. The CISSP will gain a lot more value if this path of improvement is continually followed. > I've been RACF "special", I've been a VM sysprog, my first job had IBM > 360 mainframes running DOS. I've yet to see a certification process > that tests enough current knowledge to be more useful than the same ammount > of time spent doing individual research. This is indeed the main fault with current certification testing which in turn can place the blame on our industry's rapid growth and expansion. Some organizations obviously make more of an effort to keep up to date than others. Unfortunately, most people are left to find this out for themselves during a test. Your other point about individual research is also quite valid. I would love to tell management that I'm taking off a week (non-vacation time) to study the intricacies of IPv6 and have them accept it. Somehow they seem a little more receptive to letting me go for a week to sit in a classroom and learn the basics of TCP/IP from Microsoft. Luckily this doesn't prevent me from also supplementing my textbook education with any other materials either during this time or off-hours. It also boils down to what type of a learning you respond to the best. Some people are able to grasp concepts better when they provided by an instructor. Some people hate classroom environments and won't utilize them. Each to his own, I suppose. The main goal should always be to achieve an accurate and useful education. -- Bruce K. Marshall, CISSP - bkmarshat_private - Feist Communications 2424 S. St. Francis - Wichita, KS 67216 - 316-264-2248 --------------msC45EFBFEC64684B77C0E3C2C Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIKRwYJKoZIhvcNAQcCoIIKODCCCjQCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC CLUwggP+MIIDZ6ADAgECAhASMtOqZaMJeG30ywZY4yTCMA0GCSqGSIb3DQEBAgUAMGIxETAP BgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVy aVNpZ24gQ2xhc3MgMiBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NzEwMTQwMDAw MDBaFw05ODEwMTQyMzU5NTlaMIIBUTERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZl cmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVh bCBTdWJzY3JpYmVyMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BT IEluY29ycC4gYnkgUmVmLixMSUFCLkxURChjKTk2MSYwJAYDVQQLEx1EaWdpdGFsIElEIENs YXNzIDIgLSBOZXRzY2FwZTEZMBcGA1UEAxMQQlJVQ0UgSyBNQVJTSEFMTDEgMB4GCSqGSIb3 DQEJARYRYmttYXJzaEBmZWlzdC5jb20xQDA+BgkqhkiG9w0BCQgUMTExMCBTLiBNYWluIFN0 LiBTdWl0ZSAxMDANCldpY2hpdGEsIEtTDQo2NzIwMg0KVVMwXDANBgkqhkiG9w0BAQEFAANL ADBIAkEAsKYQn7JBE7++l+hVz8VC1OL2epHSSqfF7KaXAV1cKftarzRuUtChZbeDxBQdgcws Np6muw6AOh1Q7tdic/+DuwIDAQABo4IBBjCCAQIwCQYDVR0TBAIwADCBrwYDVR0gBIGnMIAw gAYLYIZIAYb4RQEHAQEwgDAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t L0NQUzBiBggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWduJ3Mg Q1BTIGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24AAAAA AAAwEQYJYIZIAYb4QgEBBAQDAgeAMDAGCmCGSAGG+EUBBgcEIhYgMWVlMWQxOWY1NzZlNTk3 ZmQ0Zjg0ZTNkZWM0N2Y3YzIwDQYJKoZIhvcNAQECBQADgYEAespR+mMJpn3oXGU3GiL2Lw+g AFZe49HBdpzrCNZK08yiqgGoh91QRB1c0TdnrwZCqzHXDtL0HoGxctfRUpMlgR/3KqmuhxsZ GCUn8As0P4k0/KQfRNpuqHkUQPtYr8BJNmzk5vxQTfCDwud09j4ZaIhykCxGIJmoYaSgSYrL 0rEwggJ6MIIB46ADAgECAhEAlbB2hEzFCiJmppNpv4KenTANBgkqhkiG9w0BAQIFADBfMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIg UHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwNjI3MDAwMDAw WhcNOTkwNjI3MjM1OTU5WjBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDIgQ0EgLSBJbmRpdmlkdWFsIFN1 YnNjcmliZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALoD7ZzMoZFxgx+byB2eT7R1 731MMPOyqjS/mdtGxtSYxx1FDuewxtFZ7RIBv/1CgtNn9wnSI4Gp2uTPtSmqopqtWhNJ2VIx Uz3a1andsmdxkdAPW3jF3qVBV0jX9PpH7knRPW6Q52wj0mZ/4XbxLqDdHcvVIXCIcp5kpm/P 7v3fAgMBAAGjMzAxMA8GA1UdEwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIB AQQEAwIBBjANBgkqhkiG9w0BAQIFAAOBgQCqdS6/6yt/yp7Tb22NPA8Jzls4mN1PgCE5WFv9 dzFOBhIXX9mSoZG7IKLTiDyntlJpFyzubCyfTshbvUTBwIr2jy3SVfxhgU1yR8INx248s7HZ AbJgNW03oRXfwmCPhdqcZfzrvskLRXbd0OI0FGnWTHa5h0RwYZlryPw/GhiueDCCAjEwggGa AgUCowAAATANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNp Z24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlv biBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNOTkxMjMxMjM1OTU5WjBfMQswCQYDVQQG EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIgUHVibGlj IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A MIGJAoGBALZai6MNaiODgGvPOYf0IRMzBkwlou1VEpfFp4C5+oPBIKD6LxUNfKFga355LPoG Dzqu9htvsdL/LyhSX4N9S8R6t/hmH4BU/LfCjllKFFdG0ZqTvkGRA7sVgJNc6+fMCGw/PrNK /P9LbCPVUIImRBmOI8Nx6hkkRwSedb/IpgAfAgMBAAEwDQYJKoZIhvcNAQECBQADgYEAe6+k HC/Amw47XPyo5tGWD0hySYXlrxojAOPpu4A0bLI/hKg8cnCzTN5z+nyE0pKlADcJwgM0IwO3 7XaW3D5Phf1YF/QEvuxRHtx629uu6GF42mU4R6wdA3Bt6eO7oEqfQOq823O/Z01dxnwgXOfo ogorwgl010z+2+lrAmNdOacxggFaMIIBVgIBATB2MGIxETAPBgNVBAcTCEludGVybmV0MRcw FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMiBDQSAt IEluZGl2aWR1YWwgU3Vic2NyaWJlcgIQEjLTqmWjCXht9MsGWOMkwjAJBgUrDgMCGgUAoH0w GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAjBgkqhkiG9w0BCQQxFgQUJ8EY2uW86zjeHu4T P/T3UfC7huAwHAYJKoZIhvcNAQkFMQ8XDTk4MDQyOTE1MTkxMlowHgYJKoZIhvcNAQkPMREw DzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAARATIoJL4Xn/48f1heb49X9vRB5tgnE IlO6FVEpC6+0XjOomAIU/Ats3XiuhbYbuELlE6P9wAaiyBMRnwqgqlwQeg== --------------msC45EFBFEC64684B77C0E3C2C--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:42 PDT