| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue Mar 29 22:59:27 2005 From: dan_20407 at msn.com (DAN MORRILL) Subject: RES: CISSP Test Given that many of the certificates are now "boot camp" type, this should put a different light on those colleges that are pumping out Bachelors of Information Security, Masters and Doctors of Information security as well. Wondering if the acedemic credentials will become important in the longer run. But without Big Business, and ISSA, OSCOMM, ISC2, SANs and others, an international standard is going to be hard to hammer out. What does a security person really need to know in what role, analyst, engineer, code walker, network engineer, systems security, firewall/ids admin? Previous in this thread, its going to take money, and while the money motivation is there, it will be really hard to get anyone to take anything seriously past the "bottom line". There are going to have to be major sources of aggrivation, and maybe the feds will step in with minimum qualifications much like GSA or NSA have done? Who knows, its going to be a rough couple of years for IS. Going to be a lifetimes work for whom ever takes this one up. r/ Dan Sometimes MSN E-mail will indicate that the mesasge failed to be delivered. Please resend when you get those, it does not mean that the mail box is bad, merely that MSN mail is over worked at the time. >From: R Mondesir <rmondesir@...il.com> >Reply-To: R Mondesir <rmondesir@...il.com> >To: SecurityLSI <security@...-slam.com> >CC: full-disclosure@...ts.grok.org.uk >Subject: Re: RES: [Full-disclosure] CISSP Test >Date: Tue, 29 Mar 2005 16:36:13 -0500 > >The C.P.A exam for accountants is a better comparison to the CISSP >than the Bar exam is for lawyers if we are going to compare industry >benchmarks. Eitherway, an internationally accepted stantard seems >inevitable. > >-Rafiyq > > >On Sat, 26 Mar 2005 01:26:36 -0500, SecurityLSI <security@...-slam.com> >wrote: > > I wholeheartedly agree that there needs to be an industry benchmark, > > something that says you cannot operate in this field unless you have >passed > > x. I'm thinking along the lines of something similar to the Bar exam >that > > lawyers have to take, or perhaps a license like what doctors are >required to > > obtain before being able to practice. I fear its going to take something >of > > that level to truly separate the chaff from the wheat. Anything less and >you > > only end up with braindumps and bootcampers throwing resume after resume >at > > you. > > > > The added bonus of having an industry benchmark that bars entry into the > > field tracks to something a mentor once told me: people that belong to > > unions drive Chevys and Fords. Those that belong to associations drive >BMWs > > and Mercedes. > > > > --Joe > > > > ----- Original Message ----- > > From: "Vladamir" <wireless.insecurity@...il.com> > > To: "Jose Ribeiro Junior" <ribeiro@...rocity.com.br> > > Cc: <> > > Sent: Wednesday, March 23, 2005 1:52 PM > > Subject: Re: RES: [Full-disclosure] CISSP Test > > > > > CCIE is where it's at. > > > > > > I love writing practice tests, but I'm only 20, so what do I know > > > > > > Jose Ribeiro Junior wrote: > > > > Hi Friends, > > > > > > > > What you think about CCIE certification model, practice and write >tests > > ? > > > > > > > > I think that is a good model to Security Certifications. > > > > > > > > But, can you create a practice tests not using especific vendors ? > > > > > > > > -----Mensagem original----- > > > > De: full-disclosure-bounces@...ts.grok.org.uk > > > > [mailto:full-disclosure-bounces@...ts.grok.org.uk]Em nome de >Vladamir > > > > Enviada em: quarta-feira, 23 de março de 2005 14:23 > > > > Para: DAN MORRILL > > > > Cc: full-disclosure@...ts.grok.org.uk > > > > Assunto: Re: [Full-disclosure] CISSP Test > > > > > > > > > > > > Very good points, so.. who wants to start writing to the mentioned > > > > organizations about this? > > > > > > > > DAN MORRILL wrote: > > > > > > > >>I think in reading the multiple threads on this issue, there there >are a > > > >>number of perspectives on the value of the CISSP. > > > >> > > > >>What was most interesting was the CEO's perspective. Since the CISSP >is > > > >>a boot camp, and the SANS is bootcampable in the longer run with the > > > >>removal of the practicle. The real question is working towards a > > > >>certificate that demonstrates ability to work in the security arena, >one > > > >>that is really hard to get, and one that really tests the ability to >do > > > >>the work. > > > >> > > > >>While CISSP and SANS are great to have as a resume filter, it does >not > > > >>imply that anyone with either certificate to their name can actually >do > > > >>the work. What I am seeing is that many people are going for these, >and > > > >>have them, but had them a result from an IDS system, or ask them to >do a > > > >>security design for either a network or a chunk of code, the ability >to > > > >>actually perform the task is not there, even though they have the > > > >>certificate. > > > >> > > > >>Personally, I believe the community needs something, certificate, > > > >>degree, internship, what ever, that actually means you can perform > > > >>competently in the security arena. That there is a skill set there >that > > > >>the entire community agree's upon is the minimum recommended skill >set > > > >>to work in this field. If we had something like that, then any >school > > > >>that is pumping out Bachelors of Information Security folks would >have a > > > >>standard. Anyone building a bootcamp or certificate program would >have > > > >>an agreed upon community standard to work with. > > > >> > > > >>ISC2, ISSA, WSA, SANS, et al. Could build a board in conjunction >with > > > >>the community, develop the minimum qualifications to work in the >field, > > > >>and actually accomplish something once they have been certified or > > > >>degreed. NSA has been hugely successful in developing security >schools > > > >>through James Madison, Boise, et al. But they have to agree to and >teach > > > >>to the minimum standard that NSA has put together to meet the needs >that > > > >>NSA has identified. > > > >> > > > >>I think until we as a community agree upon a minimum standard, apply >it > > > >>consistantly across the board much like doctors, lawyers, social > > > >>workers, and other degreed or licensed professionals, we will >continue > > > >>to have this debate until the house burns down. As security > > > >>professionals, as security folks, we have the same ability to either >do > > > >>good, or do harm as any other profession does. We need to understand > > > >>this, and begin working towards skill sets either certificate or >degree > > > >>that actually mean something useful at the end of the day. > > > >> > > > >>My thoughts, flames invited. > > > >>r/ > > > >>Dan > > > >> > > > >> > > > >> > > > >>Sometimes MSN E-mail will indicate that the mesasge failed to be > > > >>delivered. Please resend when you get those, it does not mean that >the > > > >>mail box is bad, merely that MSN mail is over worked at the time. > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >>>From: "Clement Dupuis" <cdupuis@...ure.org> > > > >>>To: <robert@...dsecurity.com>,"'Vladamir'" > > > >>><wireless.insecurity@...il.com> > > > >>>CC: full-disclosure@...ts.grok.org.uk > > > >>>Subject: RE: [Full-disclosure] CISSP Test > > > >>>Date: Wed, 23 Mar 2005 06:45:47 -0500 > > > >>> > > > >>>Robert E. Lee wrote: > > > >>> > > > >>>"SANS programs have little to do with security. I'm glad they >changed > > > >>>their > > > >>>policy. They seem more honest now." > > > >>> > > > >>>Good day Robert, > > > >>> > > > >>>Honesty is a very neat goal to achieve, however it has many facets. > > > >>> > > > >>>I lately learned (under all reserve, please correct me if you know > > > >>>otherwise) that SANS no longer has any NON PROFIT portion left. >They > > > >>>used > > > >>>to be registered as a non-profit entity in the state of Maryland >but it > > > >>>seems that it was dissolved. Technically we could say there is no >SANS > > > >>>Institute left anymore as we knew it on the non profit side. After > > they > > > >>>dissolve SANS they created a FOR PROFIT corporation called ESCAL >which > > > >>>registered the names used in the non-profit as trademarks for their > > > >>>new for > > > >>>profit organization. Even thou you see the name GIAC and SANS >being > > used > > > >>>everywhere, they are all trademark (not organizations) of the new > > > >>>privately > > > >>>owned company. > > > >>> > > > >>>Principals at SANS have NEVER claimed to be non-profit, it is a >myth > > > >>>that we > > > >>>the people that have been dealing with SANS for a long time (since >the > > > >>>time > > > >>>they were non profit) have been propagating. We have been keeping > > > >>>this myth > > > >>>alive simply because we did not know any better and we did not know > > > >>>that the > > > >>>non-profit was dissolved. It was done without any noise or public > > > >>>announcement to the people that were already certified. > > > >>> > > > >>>So they NEVER lied but they never went to any length to inform >people > > > >>>of the > > > >>>real and current status of their corporation activity. Most people > > think > > > >>>that GIAC is non profit which is not the case anymore and this >better > > > >>>explains the decision of dropping the practical requirement: it >does > > not > > > >>>generate money and it is not a good business decision to keep >something > > > >>>alive that will become a drain on the bottom line. Which is a bit > > > >>>contrary > > > >>>to the reason given of improving the overall state of the security > > > >>>community > > > >>>:-) > > > >>> > > > >>>Take care > > > >>> > > > >>>Clement > > > >>> > > > >>> > > > >>> > > > >>> > > > >>> > > > >>> > > > >>>_______________________________________________ > > > >>>Full-Disclosure - We believe in it. > > > >>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > >>>Hosted and sponsored by Secunia - http://secunia.com/ > > > >> > > > >> > > > >>_________________________________________________________________ > > > >>Express yourself instantly with MSN Messenger! Download today - it's > > > >>FREE! >http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > > >> > > > >> > > > > > > > > _______________________________________________ > > > > Full-Disclosure - We believe in it. > > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > > > > > > Esta mensagem pode conter informacao confidencial e /ou >privilegiada. Se > > voce nao for o destinatario ou a pessoa autorizada a receber a mensagem, >nao > > pode usar, copiar ou divulgar as informacoes nela contidas ou tomar >qualquer > > acao baseada nessas informacoes. Se voce recebeu esta mensagem por >engano > > favor avise imediatamente ao remetente respondendo o e-mail e em seguida > > apague-o. Agradecemos sua cooperacao > > > > > > > _______________________________________________ > > > Full-Disclosure - We believe in it. > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ _________________________________________________________________ Don’t just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
Powered by blists - more mailing lists