lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <41A2298B.5060808@vdbmusic.com>
From: srenna at vdbmusic.com (Scott Renna)
Subject: [ok] Certifications

I would say to start with lower level certs.  I started my career with 
the CCNA/CCDA because I did not have enough experience yet to move on to 
  CISSP.  One option you have is the SSCP but that requires 2 years 
experience.  And I didn't think you were questioning my knowledge at 
all, so no worries.

You may have to take a crappy job doing something besides security for a 
while and just work on learning security on your own free time.  that's 
what i did and the second i was able to take the cissp, i signed up. 
it's a big doorway into a good job but you do have to work for a few 
years to reach that goal.  I don't believe there are any requirements 
for experience for SANS certs, but i could be wrong on that.

your comment about those with 4 years security and a boot camp was 
comical.  in my current situation, individuals had been placed into 
security roles and knew jack.  so they sent them to "boot camp."  now 
they are experts.

the cissp exam is not easy by any means(mostly because of poor wording 
on questions and the broad range it covers) but it does not make anyone, 
in my eyes, a "Security Professional."



Scotty Renna

Anders Langworthy wrote:
> Scott Renna wrote:
> 
>> I would agree with these statements as well.  I'm carrying 2 
>> GIACs(GCIA and GCIH) as well as CISSP.  I feel that the CISSP is a 
>> very broad general overview of the concepts of security; however, 
>> there are far too many unqualified people attending boot camps and 
>> passing the examination.
> 
> 
> I'm not questioning your knowledge, but since I've been looking into 
> certifications to help me find a job, I did some research on this recently.
> 
> I understand the concept of a boot camp with regard to something like 
> the Security+, where the only requirement is passing the examination. 
> I'll be taking this exam soon, and from what I've looked at so far, an 
> intelligent person with little security experience could probably pass 
> this exam with only a few weeks of memorization.
> 
> The CISSP, otoh, supposedly requires 4 years of professional full-time 
> security work (3 years with a college degree, or 2 years with a BS & 
> Masters in Info Security).  Going to a boot camp wouldn't take care of 
> this requirement.  Shouldn't those with 4 years of professional 
> experience doing security be able to pass the exam without the need for 
> a boot camp anyway (or is that just foolish optimism)?  Are the exp. 
> requirements so open to interpretation or embellishment?  What gives?
> 
> \\Anders
> 
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ