Re: Re: CISSP

From: R. DuFresne (dufresne@sysinfo.com)
Date: Wed Dec 27 2006 - 16:24:03 EST

• Next message: Nikolaj: "Some help on methodologies and reports"
• Previous message: sami ghourabi: "Re: Banner Grabbing"
• Maybe in reply to: offset: "Re: CISSP"
• Next in thread: mr.nasty@ix.netcom.com: "Re: Re: Re: CISSP"
• Maybe reply: mr.nasty@ix.netcom.com: "Re: Re: Re: CISSP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 27 Dec 2006, Rob Meijer wrote:

> On Tue, 19 Dec 2006, R. DuFresne wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Mon, 4 Dec 2006, dfullerton@mantor.org wrote:
>>
>>> Then I wonder if this certification should really have this kind of notoriety. Looks like it's not technical and if an 11 years old boy can complete this cert ...it's not about security management experience either.
>>>
>>> Anyone can give me some good reason to acquire CISSP while not being related to money and the wannabe marketing-made notoriety?
>>
>> To get hired. It's a requirement for most companies seeking security
>> folks, some companies will hire you without, if you can show experience
>> in the field, and require you get one shortly after being employed., and
>> for any of the agencies that assist with those seeking employment in the
>> field. If you are seeking experience in the field by hiring thru agencies
>> that will market you for security type work, a CISSP is a most, in most
>> cases upfront to get a foot in the door.
>
> To me it sounds like you got it backwards.
> It is large quantities of 'skill and experience' that is a requirement,
> and some companies will hire you without if you have certifications like
> CISSP and they are on a tight budget.
>
> I would sugest to use the folowing rules of thumb with respect to
> certifications:
>
> * less 5 years relevant experience: get certified, if not for the
> knowledge, get them to get payed more !
> * more than 10 years of relevant experience: certification is
> completely useless, don't bother.
> * 5 to 10 years relevant experience and an empty or not fully verifiable
> resume: get certified, it compensates.
> * 5 to 10 years relevant experience and a verifyable resume with some
> highlights in it: if you realy want a specific job that requires it,
> than get certified, otherwise, find a employer that does apreciate your
> skills and experience.

which might well work, if one could get around HR weinies and the
pre-screening agencies that many companies rely upon these days. but yes,
this was a valid route to consider back about 10-15 years ago. Times
change and sometimes not for the better....

Thanks,

Ron Dufresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant: sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFkuR3st+vzJSwZikRAomNAKCFejZP3BDnYs2I13hkVFcRwPik3gCgqD/u
aEIshz1o81j5G89tiDC0i5c=
=E4lF
-----END PGP SIGNATURE-----

• Next message: Nikolaj: "Some help on methodologies and reports"
• Previous message: sami ghourabi: "Re: Banner Grabbing"
• Maybe in reply to: offset: "Re: CISSP"
• Next in thread: mr.nasty@ix.netcom.com: "Re: Re: Re: CISSP"
• Maybe reply: mr.nasty@ix.netcom.com: "Re: Re: Re: CISSP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:30 EDT