lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: exibar at thelair.com (Exibar) Subject: Training & Certifications Interesting, if memory serves me (it does every now and again), before this policy went into effect, they had a listing of all CISSPs right on their web site. Now, when they started that, I dunno, so even that could have been after you're inquiry to them. it just wouldn't make any sense to have a certification process, and not be able to verify if a potential job candidate is actually certified. Talk about being certified only on paper, print out your own certificate, instant certification! Kinda like those online diplomas :-) Ex ----- Original Message ----- From: "Laura Taylor" <ltaylor@...evanttechnologies.com> To: "'Exibar'" <exibar@...lair.com>; "'Ron DuFresne'" <dufresne@...ternet.com>; <full-disclosure@...ts.netsys.com> Sent: Tuesday, April 06, 2004 8:07 AM Subject: RE: [Full-Disclosure] Training & Certifications > It sounds like this policy went into effect 10/1/03 from the looks of the > posting. This is definitely new and was not on their site when I made my > inquiry which was in 2002. The person was not mistaken as I called twice to > be sure...it is a new policy that they are not verifying...and a good thing. > It's nice to see. Thanks for pointing that out. Laura > > -----Original Message----- > From: Exibar [mailto:exibar@...lair.com] > Sent: Monday, April 05, 2004 4:46 PM > To: Ron DuFresne; full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] Training & Certifications > > > The person that Laura spoke to was mistaken, right from their website it > states: > > In the interim, (ISC)2 Services, 2494 Bayshore Boulevard, Suite 201, > Dunedin, FL 34698 USA, PH: 1.888.333.4458, FX: 1.727.738.8522, will continue > to respond to any employer requests for (ISC)2 credential holder > verifications. Such requests must be in writing on the employer's company > letterhead and a release signature from the CISSP/SSCP must be included in > the request. > > That's found here: https://www.isc2.org/cgi/directory.cgi > > Exibar > > > ----- Original Message ----- > From: "Ron DuFresne" <dufresne@...ternet.com> > To: "Dave Howe" <DaveHowe@....sharp-uk.co.uk> > Cc: "Email List: Full Disclosure" <full-disclosure@...ts.netsys.com>; "Laura > Taylor" <ltaylor@...evanttechnologies.com> > Sent: Monday, April 05, 2004 2:16 PM > Subject: Re: [Full-Disclosure] Training & Certifications > > > > > > [orig snipped] > > > > This was recently posted to the firewall wizards list, and relates to this > > topic; > > > > From: Laura Taylor <ltaylor@...evanttechnologies.com> > > Subject: RE: [fw-wiz] Seeking input: Research Proposal: "Is a third > > position > > possible?" > > Cc: firewall-wizards@...or.icsalabs.com > > Date: Fri, 2 Apr 2004 10:30:33 -0500 > > To: 'Crispin Cowan' <crispin@...spincowan.com>, > > "'Holt, Philip'" <holtp@...ttleu.edu> > > > > Something curious to know about CISSP is this.... > > > > I was thinking of hiring a person with a CISSP and called up ISC2 to > > verify > > if they really were a CISSP. ISC2 told me that they never verify if anyone > > is a CISSP as it is an invasion of the person's privacy. I then asked them > > how could I know for sure if this person really was a CISSP and told them > > that the person was not listed in the CISSP database on the ISC2 web site. > > They then told me that not all CISSPs are listed in the database because > > some don't want to be listed. They told me that the only way to verifiy if > > a person is a CISSP is to ask them for their certificate. I then asked > > them if all certificates look exactly alike and can they tell me how to > > know if a certificate it authenticate. I was told that all certificates do > > not look exactly alike and that they have changed their look over the > > years so there is no way to know if a particular certificate is real or > > not. > > > > After much discussion, it became clear that they were not willing to > > verify if anyone is a CISSP, and that there was no way for anyone to > > really verify this information unless the person chooses to be listed in > > the database on the ISC2 web site. I told them that in my opinion their > > process for certification was not consistent with the concept of "trust, > > but verify" and I ended up not hiring the person I had originally > > interviewed. > > > > If a certification cannot be verified, to me it is worthless. I'd rather > > hire an MCSE because Microsoft is willing to verify all their > > certifications. > > > > The philosophies and ethics of 2600 could possibly be questionable, but I > > dare say that ISC2 is not at all the organization that I once thought it > > to be. > > > > Laura > > > > > > > > > > Thanks, > > > > Ron DuFresne > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > "Cutting the space budget really restores my faith in humanity. It > > eliminates dreams, goals, and ideals and lets us get straight to the > > business of hate, debauchery, and self-annihilation." -- Johnny Hart > > ***testing, only testing, and damn good at it too!*** > > > > OK, so you're a Ph.D. Just don't touch anything. > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > > >
Powered by blists - more mailing lists