This is a cryptographically signed message in MIME format.
--------------msA41F2025FBAC57187B6AF8FE
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Bennett Todd wrote:
> I don't propose making it easier for frauds; I'm all in favour of
> effective measures to make their life harder. Sadly, certification in
> computer security doesn't seem to profit anyone except those same
> frauds.
I would also take exception to your blatant generalization. Not
because I'm certified, but because I know of many more qualified people
who do carry industry/vendor specific certifications and they are most
definitely not frauds.
You sound a lot like I used to be in regards to college degrees.
Having decided not to pursue a college degree myself I proceeded to
denounce their importance and worth to my peers. After all, what is the
value of a piece of paper, especially when it is borne from studies of
COBOL and Microcomputer basics?
After realizing that the Sun and Earth didn't revolve around me, I
started looking a little deeper into what a college degree consisted
of. First, I realized some employers simply won't hire you unless you
have a degree. I still find this quite ignorant, but have learned to
deal with the fact that they are losing out, not me or many other
people. Second, I saw that even if some of the coursework was what I
would consider outdated, they were teaching concepts that applied to
many other aspects of computers and networking. Third, most computer
geeks weren't just relying on their classes to provide them with an
education. Extra-curricular activities or independent projects served
a great deal of education and growth. Internships, hands-on lab time,
library resources, etc.. all contribute to the potential value of a
college education.
I still don't think that I'm at much of a disadvantage when compared
to those who attended college because I took measures to pursue a lot of
these same areas on my own. But, I don't immediately dismiss the value
of a college education either. I have to weigh that in any decisions
about a persons worth or qualifications. Whether they took advantage of
their opportunities there usually becomes quite clear.
Certifications can be in this same boat. Because I took the time to
learn about physical security and how the legal system deals with
computer crime for the CISSP exam makes me better at doing my job and
understanding how the industry functions. It doesn't mean that an
employer should hire me over you. As I said, this should just be one
factor in your judgment of me or anyone else, but you have to consider
it.
My point being, don't make broad characterizations (negative or
positive) about something until you've thought through the process and
met enough people to make a valid decision. It just doesn't seem like
you've really done that.
> I've never met anyone with experience and credentials in the security
> field who believed that computer security expertise could be usefully
> tested for and certified.
This depends on the extent and focus of your testing. For me to
claim that my CISSP proves I'm a security guru would be quite false. To
claim that my CISSP proves I understood at the time of my exam (and
hopefully still do) the Bell-Lapadula model, OSI layers, telecom
security basics, how to do Business Continuity planning, etc. would be
quite valid. I've passed a test designed to measure my comprehension of
those subjects.
If you ask me to design an exam that would test your ability at
understanding the properties of TCP/IP, I could do that without much
trouble. However, change that criteria to creating a test that would
test your ability to effectively implement TCP/IP in business
environments and my job has just skyrocketed in complexity.
Ultimately, a lot of tests try to meet the later goal and do it so
poorly that my view of certification tests is also a bit negative. A
Cisco exam, as well as my CISSP test, I took had some obvious
grammatical errors that should have been caught in the evaluation
process. That doesn't make me feel too comfortable with their overall
evaluations if they can't meet even such a basic requirement. However,
that doesn't stop me from trying to adapt and add what is perceived by
most as value to my career.
We'll never get complete agreement from a group of people on the
value of X vs. Y, but I hope that my view helps expand the overall
understanding in the same way that I've gained insight from others.
--
Bruce K. Marshall, CISSP - bkmarshat_private - Feist Communications
2424 S. St. Francis - Wichita, KS 67216 - 316-264-2248
--------------msA41F2025FBAC57187B6AF8FE
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIIKRwYJKoZIhvcNAQcCoIIKODCCCjQCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
CLUwggP+MIIDZ6ADAgECAhASMtOqZaMJeG30ywZY4yTCMA0GCSqGSIb3DQEBAgUAMGIxETAP
BgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVy
aVNpZ24gQ2xhc3MgMiBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NzEwMTQwMDAw
MDBaFw05ODEwMTQyMzU5NTlaMIIBUTERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZl
cmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVh
bCBTdWJzY3JpYmVyMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BT
IEluY29ycC4gYnkgUmVmLixMSUFCLkxURChjKTk2MSYwJAYDVQQLEx1EaWdpdGFsIElEIENs
YXNzIDIgLSBOZXRzY2FwZTEZMBcGA1UEAxMQQlJVQ0UgSyBNQVJTSEFMTDEgMB4GCSqGSIb3
DQEJARYRYmttYXJzaEBmZWlzdC5jb20xQDA+BgkqhkiG9w0BCQgUMTExMCBTLiBNYWluIFN0
LiBTdWl0ZSAxMDANCldpY2hpdGEsIEtTDQo2NzIwMg0KVVMwXDANBgkqhkiG9w0BAQEFAANL
ADBIAkEAsKYQn7JBE7++l+hVz8VC1OL2epHSSqfF7KaXAV1cKftarzRuUtChZbeDxBQdgcws
Np6muw6AOh1Q7tdic/+DuwIDAQABo4IBBjCCAQIwCQYDVR0TBAIwADCBrwYDVR0gBIGnMIAw
gAYLYIZIAYb4RQEHAQEwgDAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
L0NQUzBiBggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWduJ3Mg
Q1BTIGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24AAAAA
AAAwEQYJYIZIAYb4QgEBBAQDAgeAMDAGCmCGSAGG+EUBBgcEIhYgMWVlMWQxOWY1NzZlNTk3
ZmQ0Zjg0ZTNkZWM0N2Y3YzIwDQYJKoZIhvcNAQECBQADgYEAespR+mMJpn3oXGU3GiL2Lw+g
AFZe49HBdpzrCNZK08yiqgGoh91QRB1c0TdnrwZCqzHXDtL0HoGxctfRUpMlgR/3KqmuhxsZ
GCUn8As0P4k0/KQfRNpuqHkUQPtYr8BJNmzk5vxQTfCDwud09j4ZaIhykCxGIJmoYaSgSYrL
0rEwggJ6MIIB46ADAgECAhEAlbB2hEzFCiJmppNpv4KenTANBgkqhkiG9w0BAQIFADBfMQsw
CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIg
UHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwNjI3MDAwMDAw
WhcNOTkwNjI3MjM1OTU5WjBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDIgQ0EgLSBJbmRpdmlkdWFsIFN1
YnNjcmliZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALoD7ZzMoZFxgx+byB2eT7R1
731MMPOyqjS/mdtGxtSYxx1FDuewxtFZ7RIBv/1CgtNn9wnSI4Gp2uTPtSmqopqtWhNJ2VIx
Uz3a1andsmdxkdAPW3jF3qVBV0jX9PpH7knRPW6Q52wj0mZ/4XbxLqDdHcvVIXCIcp5kpm/P
7v3fAgMBAAGjMzAxMA8GA1UdEwQIMAYBAf8CAQEwCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIB
AQQEAwIBBjANBgkqhkiG9w0BAQIFAAOBgQCqdS6/6yt/yp7Tb22NPA8Jzls4mN1PgCE5WFv9
dzFOBhIXX9mSoZG7IKLTiDyntlJpFyzubCyfTshbvUTBwIr2jy3SVfxhgU1yR8INx248s7HZ
AbJgNW03oRXfwmCPhdqcZfzrvskLRXbd0OI0FGnWTHa5h0RwYZlryPw/GhiueDCCAjEwggGa
AgUCowAAATANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNp
Z24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlv
biBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNOTkxMjMxMjM1OTU5WjBfMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDIgUHVibGlj
IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBALZai6MNaiODgGvPOYf0IRMzBkwlou1VEpfFp4C5+oPBIKD6LxUNfKFga355LPoG
Dzqu9htvsdL/LyhSX4N9S8R6t/hmH4BU/LfCjllKFFdG0ZqTvkGRA7sVgJNc6+fMCGw/PrNK
/P9LbCPVUIImRBmOI8Nx6hkkRwSedb/IpgAfAgMBAAEwDQYJKoZIhvcNAQECBQADgYEAe6+k
HC/Amw47XPyo5tGWD0hySYXlrxojAOPpu4A0bLI/hKg8cnCzTN5z+nyE0pKlADcJwgM0IwO3
7XaW3D5Phf1YF/QEvuxRHtx629uu6GF42mU4R6wdA3Bt6eO7oEqfQOq823O/Z01dxnwgXOfo
ogorwgl010z+2+lrAmNdOacxggFaMIIBVgIBATB2MGIxETAPBgNVBAcTCEludGVybmV0MRcw
FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMiBDQSAt
IEluZGl2aWR1YWwgU3Vic2NyaWJlcgIQEjLTqmWjCXht9MsGWOMkwjAJBgUrDgMCGgUAoH0w
GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAjBgkqhkiG9w0BCQQxFgQUBMxQpopVkFL/7eMA
GQEDtAckfx0wHAYJKoZIhvcNAQkFMQ8XDTk4MDUwMTE2MjgyM1owHgYJKoZIhvcNAQkPMREw
DzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAARAV/xonC1NNQ034A0fha0B5wlbcDli
m15XmylBTpKleDWSvJQGX7tTAT+cwtdq3gAiOksj3LSwnLHpUqhkbROsEQ==
--------------msA41F2025FBAC57187B6AF8FE--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:12 PDT