| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: ggilliss at netpublishing.com (Gregory A. Gilliss) Subject: Credibility (was User Insecurity) Actually what he is describing is what I refer to as "credibility". The CISSP after my name is a measure of my credibility. It tells otherwise clueless people, people without first hand experience and knowledge, something about me. Perhaps it tells them that I exhibit some measurable degree of knowledge or experience in my chosen field (security). For people who know me or know security, it may tell them nothing more than the fact that that I am a person who can afford $450 and can pass a standardized test. The letters mean something different than they do for people without experience, since each group (a) bases their measure of my credibility on something different (personal experience, word of mouth, rumor, slander, etc). Credibility is a function of perception (my assertion - YMMV). Sales people with crappy clothes and long hair may be "less credible" than "Ken dolls". MCSE is "more credible" than "pimply-kid-who-knows-how-to-install- NT". Doesn't necessarily mean that MCSE is "more knowledgeable" or "more professional" than "NT kid", but if *you* see it that way then *you* have defined the credibility. A hiring manager may look at two resumes and, all else being equal, will likely hire the one with the college degree or the certification because that person is "more qualified" - or, IOW, that person has more credibility. May not be the best choice, but that's what goes on. (Hiring managers who take exception may email me off list pls). Credibility equates to experience equates to clue (my assertion). In a "trust" relationship, you can start from "no trust" or "full trust" or anywhere in between (some trust, limited trust, etc). SSL is a good example of "full trust". Holes, exploits, etc reduce "trust" for a time (until the hole is patched). Microsoft suffers from a credibility problem because (a) people keep finding holes, (b) Microsoft often denies/ignores the holes, and (c) Microsoft takes a subjectively long period of time to patch the holes found in (a) and denied in (b). Credibility. We live and die by it in the security world as much as any mechanic/lawyer/doctor/insert other professional designation here... G On or about 2004.03.19 11:39:19 +0000, gadgeteer@...gantinnovations.org (gadgeteer@...gantinnovations.org) said: > What you describe regarding you and your mechanic is "blind trust". > You are trusting his abilities as a mechanic based on you preception > of him as a person. <<SNIP>> -- Gregory A. Gilliss, CISSP E-mail: greg@...liss.com Computer Security WWW: http://www.gilliss.com/greg/ PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
Powered by blists - more mailing lists