Re: Article: 10 Hottest Certifications for 2002

From: Bill_Roydsat_private
Date: Thu Jan 03 2002 - 07:11:54 PST


    I agree. I am writing the CISSP exam this coming Saturday so I have
    recently reviewed the agreement that (ISC)2 requires of its candidates. I
    have had over 20 years experience in various areas of systems security,
    but it was only my word that validated it and some of that experience was
    a long time ago. If you look at the GIAC papers, you have visible evidence
    of the students' capabilities. For example, look at the GCIA papers at
    http://www.giac.org/GCIA.php.
    You have an easily accessible record of what people are capable of.  Where
    is the CISSP equivalent?
    
    I received a reply yesterday that this was a cheap way for SANS GIAC to
    pad their web site, but it certainly helps those with the cert to have a
    public tangible record of their abilities.
    
    Bill Royds
    System Administrator, Canadian Heritage Information Network
    
    
    
    
    
    
    ron <ronat_private>
    01/02/02 06:34 PM
    
    
            To:     Bill Royds/HullOttawa/PCH/CA@PCH
            cc:     rferrellat_private, securityjobsat_private
            Subject:        Re: Article: 10 Hottest Certifications for 2002
    
    
    One thing I see as hurting the whole CISSP process is the claim of requiring
    3 years hands-on experience in the security field for those achieving their
    certs.  Of course, how many times do we read that folks having gleaned their
    papers were not in any way required to prove any experience at all?  Now,
    what good is a requirement that is in no way authenticated?  Seems it only
    demeans the process to an extent does it not?
    
    Thanks,
    
    Ron DuFresne
    
    Bill_Roydsat_private wrote:
    
    > SANS GIAC is more and more being governed by the holders of the
    > certificate (the governing boards are the honors holders) so it is
    > becoming less of an anti-CISSP group.
    >    Here there is some complementarity, since most GIAC certificates are
    > for depth in relatively small areas. There are 2 overview Certifications,
    > GSEC (General Security), useful as an overview, and the new GISO
    > (Information Security Officer), more of a higher level cert. If CISSP is
    > the 10,000 foot view, GIAC is in the trenches.
    >   One thing that GIAC does that (ISC)2 should do is ask for a practical
    > paper as well as multiple choice.
    > I feel that questions that refer to color of Rainbow series books are
    > really memory work, not understanding.
    > Trivia is not knowledge. Analysis requires it.
    >
    > Bill Royds
    > System Administrator, CHIN
    > ph: (819) 994-1200 X 239
    >
    > rferrellat_private
    > 01/02/02 05:55 AM
    >
    >         To:     securityjobsat_private
    >         cc:     (bcc: Bill Royds/HullOttawa/PCH/CA)
    >         Subject:        Re: Article: 10 Hottest Certifications for 2002
    >
    > > Finally, the certification was originally designed
    > > for and by federal gov't types...govvies.  Many of
    > > the questions when I took the exam in '99 were
    > > heavily weighted toward the Rainbow Series,
    > > particularly the Orange and Red books.  The CPEs
    > > are heavily weighted toward govvies, as well...I
    > > don't know many commercial consulting firms that
    > > can have their employees running off to
    > > conferences and doing other things that they can't
    > > bill to, all to get these CPE points.
    >
    > Oh, I don't know...I'm a 'govvie' and I'm just a couple
    > of hours short of recertification for CISSP without
    > attending a single conference.
    >
    > I will admit, though, that all certifications in the InfoSec
    > field that I've investigated (not just CISSP) are pretty
    > darned self-serving.  They tend to be highly competitive
    > with one another, and to me that just hurts us in the
    > overall picture.  Certs should ideally be complementary or
    > reinforcing, not mutually exclusive.  I'd be a lot more
    > inclined to pursue GIAC (I'm a big fan of SANS) if they
    > weren't so frankly anti-CISSP.  I'm sure GIAC folks find the
    > reverse to be true.  Instead of competing against one another,
    > it would be nice to see some cooperation and a concerted attempt
    > for each to fill in the gaps left by the other.
    >
    > Cheers,
    >
    > RGF
    >
    > Robert G. Ferrell, CISSP
    > http://rferrell.home.texas.net/rgflit.html
    > rferrellat_private
    
    --
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             admin & senior consultant:  darkstar.sysinfo.com
                       http://darkstar.sysinfo.com
     "Cutting the space budget really restores my faith in humanity.  It
     eliminates dreams, goals, and ideals and lets us get straight to the
     business of hate, debauchery, and self-annihilation."
                     -- Johnny Hart
     testing, only testing, and damn good at it too!
    ~~
     The good thing about potential is,
             as long as you do nothing,
                     you'll always have it.
    



    This archive was generated by hypermail 2b30 : Thu Jan 03 2002 - 15:45:09 PST