| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.GSO.4.58.0503291637530.11394@kungfunix.net> Date: Wed Mar 30 00:59:36 2005 From: root at nullrouted.us (J. Oquendo) Subject: RES: CISSP Test On Tue, 29 Mar 2005, R Mondesir wrote: > The C.P.A exam for accountants is a better comparison to the CISSP > than the Bar exam is for lawyers if we are going to compare industry > benchmarks. Eitherway, an internationally accepted stantard seems > inevitable. Funny thing is, outside of the USA, I barely see people abroad toss in fifty different little signatures when they send out mail. Joe Blow SCSA, CISSP, CCIE, CCDA, MCSE, FOOL, PWND, OVRKL 55 Main Street London Bridge With the exception of the Cisco certs, I can't recall seeing someone "tag" their CISSP status coming from somewhere outside of the United States. Not to say it is not important, but sigs (and this is all they mean to me... signatures) are becoming overrated and bloated. Its like "Yea well I just obtained my Symantec Uber Certified Klassification! Now I can add a SUCK to my sig!" Give me a break. I should for kicks dig through some of the mailing lists I'm on and point fingers at CCDA's, MCSE's, CISSP's, and other little signature devils who ask questions a 16 year old can answer. There are those who take tests, and there are those who don't. I'm sure many on this list know someone who is supposed to know but is actually a clueless gimp. > > I wholeheartedly agree that there needs to be an industry benchmark, > > something that says you cannot operate in this field unless you have passed > > x. I'm thinking along the lines of something similar to the Bar exam that Industry benchmark? Sure there should be some overall knowledge of just about everything but how do you define the unknown which is what most computer security is at its core. Well I guess I'm looking at it from a Greyhat perspective. How do you expect someone to learn vulnerabilities that pop up. It takes a little more than reading and memorizing some book. Bottom line in my opinion. > > lawyers have to take, or perhaps a license like what doctors are required to > > obtain before being able to practice. I fear its going to take something of > > that level to truly separate the chaff from the wheat. Anything less and you > > only end up with braindumps and bootcampers throwing resume after resume at > > you. It will not separate any chaff from the wheat. How many people just dive into books and pass exams? With the CISSP, one is supposed to have an alloted amount of time in the field. Sure lets debunk this moronic notion of them validating this... Joe Blow worked for Foo Financial for 10 years. 9 of those years where in the mailroom. His brother in law works in the compsec department and convinced his boss to `give him a chance`. Joe Blow with one year experience studies for that one year. Applies to take the test with (get this) 10 years (oh my he has some experience (do he not!) under his wing. Joe Blow gets his sig and becomes a sig nazi. Whoopdeedoo. So much for standards. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x0D99C05C http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0D99C05C sil @ infiltrated . net http://www.infiltrated.net "How a man plays the game shows something of his character - how he loses shows all" - Mr. Luckey
Powered by blists - more mailing lists