lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <90691a990511250415nba01ea7v86e3a9bfaec0fa88@mail.gmail.com>
Date: Fri Nov 25 12:15:51 2005
From: markoer at markoer.org (Marco Ermini)
Subject: Hacking Boot camps!: certifications

The instructor in my CISSP CBK review camp - very useful and
informative, FOR MY MILEAGE; it was from The Training Camp in UK -
said that they introduced the limit of having some years of experience
in obtaining the CISSP, after a 12 y.o. passed the exam - he was the
son of a software programmer somewhat knowledgeable about security...

And I have to add: guys from USA, which are addicted into
one-out-of-four multiple choice exams because, for instance, they also
did that at school, driver license exams, etc. have a great advantage
over European-style educated persons like me, which for instance
rarely did University exams on paper: in the 90% of the University
exams, we are questioned "live" by the professor and we have to
demonstrate real knowledgeably of the argument through arguing and
speaking - we can't simply guess the multiple choices... this has
actually a drawback on this kind of tests: we may know a topic,
extensively talk about it, have real working experience on it, but
being not very good in doing multiple choice exams - while someone who
has more practice on this kind of exam could overcome our results even
if he/she knows HALF about the topic than me - I feel this unfair
(anyway, I passed the exam ;-)).

Back on the employers and DICE search... I don't think you can simply
compare different certifications in this way... they are very
different, and so employer requirements... and who knows, maybe the
116 GIAC positions are way better than the 677 CISSP positions... just
look at how many employers look at a simple and stupid CCNA
certification... you are not going to become rich because there are
10,000 open positions for CCNA certificated - they are simple "SHOW
LOG" guys :-) - or MCSE or MCSD Visual Basic developer..., etc.


Cheers

On 11/24/05, InfoSecBOFH <infosecbofh@...il.com> wrote:
> But my dear friends... one can lie and still get his CISSP.  I know of
> at least 3 different people who are NEW to infosec but faked some
> experience for their CISSP.  Hell, I lied on my application and got my
> CISSP yet I still ./ my way around the interweb.
[...]

--
Marco Ermini
Dubium sapientiae initium. (Descartes)
root@...an # mount -t life -o ro /dev/dna /genetic/research
(This message is for the designated recipient only and may contain
privileged or confidential information. If you have received it in
error, please notify the sender immediately and delete the original.)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ