Open Source and information security mailing list archives
Date: Wed Mar 30 00:59:36 2005
From: root at nullrouted.us (J. Oquendo)
Subject: RES: CISSP Test


On Tue, 29 Mar 2005, R Mondesir wrote:

> The C.P.A exam for accountants is a better comparison to the CISSP
> than the Bar exam is for lawyers if we are going to compare industry
> benchmarks.  Either way, an internationally accepted standard seems
> inevitable.

Funny thing is, outside of the USA, I barely see people abroad toss in
fifty different little signatures when they send out mail.

Joe Blow
SCSA, CISSP, CCIE, CCDA, MCSE, FOOL, PWND, OVRKL
55 Main Street
London Bridge

With the exception of the Cisco certs, I can't recall seeing someone "tag"
their CISSP status coming from somewhere outside of the United States. Not
to say it is not important, but sigs (and this is all they mean to me...
signatures) are becoming overrated and bloated. It's like "Yea well I just
obtained my Symantec Uber Certified Klassification! Now I can add a SUCK
to my sig!" Give me a break.

I should for kicks dig through some of the mailing lists I'm on and point
fingers at CCDAs, MCSEs, CISSPs, and other little signature devils who
ask questions a 16 year old can answer. There are those who take tests,
and there are those who don't.

I'm sure many on this list know someone who is supposed to know but is
actually a clueless gimp.

> > I wholeheartedly agree that there needs to be an industry benchmark,
> > something that says you cannot operate in this field unless you have passed
> > x. I'm thinking along the lines of something similar to the Bar exam that

Industry benchmark? Sure there should be some overall knowledge of just
about everything, but how do you define the unknown, which is what most
computer security is at its core? Well I guess I'm looking at it from a
Greyhat perspective. How do you expect someone to learn vulnerabilities
that pop up? It takes a little more than reading and memorizing some book.
Bottom line in my opinion.

> > lawyers have to take, or perhaps a license like what doctors are required to
> > obtain before being able to practice. I fear it's going to take something of
> > that level to truly separate the chaff from the wheat. Anything less and you
> > only end up with braindumps and bootcampers throwing resume after resume at
> > you.

It will not separate any chaff from the wheat. How many people just dive
into books and pass exams? With the CISSP, one is supposed to have an
allotted amount of time in the field. Sure, let's debunk this moronic notion
of them validating this... Joe Blow worked for Foo Financial for 10 years.
9 of those years were in the mailroom. His brother-in-law works in the
compsec department and convinced his boss to `give him a chance`. Joe Blow
with one year experience studies for that one year. Applies to take the
test with (get this) 10 years (oh my he has some experience (do he not!))
under his wing. Joe Blow gets his sig and becomes a sig nazi. Whoopdeedoo.
So much for standards.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x0D99C05C
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0D99C05C

sil @ infiltrated . net http://www.infiltrated.net

"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey
