From: exibar at thelair.com (Exibar)
Subject: CISSP Test

The CISSP cert is a great cert to have if you want to get your foot in the
door.  Some places require you to have the cert as well.  It gives the
assurance that the holder of the cert is a fairly well rounded security
person that understands the concepts, but not necessarily the finer details
of implementation.  CISSP is basically a 50,000 foot view of IT security as
a whole.

  The SANS / GIAC exams are better IMHO.  Simply due to the fact that they
mostly specialize in one field, and require you to complete a practical
assignment that enforces the fact that you really know how to make use of
the material in a real world situation.

 BUT, SANS / GIAC has done away with the practical written paper part of the
exam as recently as last week.  This severely devalues the GIAC certs IMHO.
Now any Joe Shmoe that can read a book and memorize said book, will be able
to get certified.  The practical exam weeded out the "exam-cram" crowd.  I
understand that some people just couldn't find the time, you have 5 months
to write the practical.... if you really want the cert you'll find the time.


<up on soapbox, stop reading now if you don't want to read a rant>

   My only gripe about CISSP is with ISC2, MOST of my spam comes from ISC2.
Ok, perhaps not most of it, but a bunch of it.....   They constantly send
crap to me, elections for board of directors (who cares?), this class is
coming up (I'm already CISSP, why take another class?), that class is coming
up, this thing is happening, that thing is happening....  Really who cares?
I could care less who the "president" is of ISC2, place Barbie in charge for
all I care, I could care less if they have yet another class coming up in my
area, I'm already certified, why in the world would I want to take a class
to become CISSP????)....  ISC2 says they are non-profit, great, fine, yippee,
but what do I get for my $85 per year?  I have the cert, that's all I
needed, I paid $450 for the privilege to take the exam.  Please don't tell
me it costs $85 per year to keep track of my CPE's....  If it does I'll keep
track of them myself on a piece of 3 cent paper thank you very much.....
  SANS doesn't charge me a yearly fee for my GCIH, but I do have to be
re-tested every 2 years at a cost of $120... not unreasonable if you ask
me....

<off soapbox>

Exibar


----- Original Message ----- 
From: "adeel hussain" <ad33lh@...il.com>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Tuesday, March 22, 2005 11:37 AM
Subject: RE: [Full-disclosure] CISSP Test


> Hello Vladamir,
>
> To answer your question, yes the CISSP is worth it.  However it is
> only worth it due to the public's misconception of what it is.
>
> The CISSP certification basically shows that you have a base
> understanding of the primary concepts across what are widely regarded
> as all the major areas of IT security knowledge (known as the Common
> Body of Knowledge or CBK).  This is a good thing if you are, or aspire
> to be, in a management position.
>
> Unfortunately the common perception of the CISSP by most non-IT
> security people (which includes HR staff) is that someone who is a
> CISSP is capable and competent in all areas of IT security.  Add to
> that the belief it is the best (or only) security certification they
> are aware of and it becomes "the" security certification in their
> eyes.
>
> I have seen many job descriptions in my time and in the last few years
> it is rare to find one that does not either require or desire the
> CISSP.
>
> As for other certifications, the SANS certs are quite good although, I
> believe, they are about to get devalued by the removal of the
> practical requirement.  I would recommend getting the CISSP, maybe the
> GSEC (SANS security essentials cert) and then focusing on certs for
> products/systems within the area you will be working in.  But
> remember, the cert is just the starting point and the resume's foot in
> the door.  You need to study and get as much hands on as you can to
> actually learn your chosen trade.
>
>
> Good Luck,
>
> Adeel
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

