lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue Dec  6 20:09:12 2005
From: ccarpenter at dswa.net (Christopher Carpenter)
Subject: IT security professionals in demand in 2006


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of wilder_jeff Wilder
Sent: Tuesday, December 06, 2005 12:41 PM
To: buford.t.pisser@...izon.net; full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] IT security professionals in demand in 2006

I didnt know that they gave out scores?... have they started doing that?



-Jeff Wilder
CISSP,CCE,C/EH



-----BEGIN GEEK CODE BLOCK-----
  Version: 3.1
	GIT/CM/CS/O d- s:+ a C+++ UH++ P L++ E- w-- N+++ o-- K- w O- M--
	V-- PS+ PE- Y++ PGP++ t+ 5- X-- R* tv b++ DI++ D++
	G e* h--- r- y+++*
------END GEEK CODE BLOCK------





>From: "Buford T. Pisser" <buford.t.pisser@...izon.net>
>To: full-disclosure@...ts.grok.org.uk
>Subject: Re: [Full-disclosure] IT security professionals in demand in 2006
>Date: Tue, 06 Dec 2005 13:44:41 -0500
>MIME-Version: 1.0
>Received: from lists.grok.org.uk ([195.184.125.51]) by 
>bay0-mc7-f3.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 6 
>Dec 2005 11:02:15 -0800
>Received: from lists.grok.org.uk (localhost [127.0.0.1])by 
>lists.grok.org.uk (Postfix) with ESMTP id BFFB8A13;Tue,  6 Dec 2005 
>19:00:50 +0000 (GMT)
>Received: from vms044pub.verizon.net (vms044pub.verizon.net 
>[206.46.252.44])by lists.grok.org.uk (Postfix) with ESMTP id A9D0CBA0for 
><full-disclosure@...ts.grok.org.uk>;Tue,  6 Dec 2005 18:44:54 +0000 (GMT)
>Received: from [192.168.254.1] ([64.111.148.124])by vms044.mailsrvcs.net 
>(Sun Java System Messaging Server 6.2-4.02(built Sep9 2005)) with ESMTPA id 
><0IR3005S5AQJKDW4@...044.mailsrvcs.net> 
>forfull-disclosure@...ts.grok.org.uk; Tue, 06 Dec 2005 12:44:43 -0600 (CST)
>X-Message-Info: JGTYoYF78jE+aOizAzTLL45gEFpM1aEsx0aWQEqmiWM=
>X-Original-To: full-disclosure@...ts.grok.org.uk
>Delivered-To: full-disclosure@...ts.grok.org.uk
>X-Accept-Language: en-us, en
>References: 
><6450e99d0512041801p4adf24bclb8deaeefd203fa9a@...l.gmail.com><00bc01c5f945$fc232af0$0100a8c0@...learwinter><1f1991610512050808r2a32795fw2e17d932e8cbf9c@...l.gmail.com><017f01c5f9c7$f0820c70$0100a8c0@...learwinter><1f1991610512051145h1c38f612k95068a437c93319b@...l.gmail.com><01e601c5fa02$3a96ff20$0100a8c0@...learwinter><4395CFC1.90607@...securitygroup.com>
>User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
>X-Mailman-Approved-At: Tue, 06 Dec 2005 19:00:37 +0000
>X-BeenThere: full-disclosure@...ts.grok.org.uk
>X-Mailman-Version: 2.1.5
>Precedence: list
>List-Id: An unmoderated mailing list for the discussion of security 
>issues<full-disclosure.lists.grok.org.uk>
>List-Unsubscribe: 
><https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, 
><mailto:full-disclosure-request@...ts.grok.org.uk?subject=unsubscribe>
>List-Archive: <http://lists.grok.org.uk/pipermail/full-disclosure>
>List-Post: <mailto:full-disclosure@...ts.grok.org.uk>
>List-Help: <mailto:full-disclosure-request@...ts.grok.org.uk?subject=help>
>List-Subscribe: 
><https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, 
><mailto:full-disclosure-request@...ts.grok.org.uk?subject=subscribe>
>Errors-To: full-disclosure-bounces@...ts.grok.org.uk
>Return-Path: full-disclosure-bounces@...ts.grok.org.uk
>X-OriginalArrivalTime: 06 Dec 2005 19:02:15.0871 (UTC) 
>FILETIME=[92BBBCF0:01C5FA97]
>
>I was already in the door and had been doing the work for years. Then the 
>"Company" decided that I needed the Cert to make myself saleable to 
>perspective customers. I went to Borders and picked up a copy of "CISSP For 
>Dummies". Cracked the book 2 nights before the test to take the practice 
>exams. Scored a 92 on the exam and put the book away. We were given 6 hours 
>to complete the exam. They handed the exams out at 9:15. We started the 
>test about 20 minutes later. At 11:45 I was sitting in the resort 
>restaurant with my two sons eating breakfast. I would not howerevr put down 
>the significance or value of the CISSP certification. With it I doubled my 
>salary within less than 4 months of having obtained it. My ex employer  
>paid for the  cert,  but refused to budge on the raise promises that were 
>made to get me to go for the cert. But then a gain, I did say ex-employer.
>
>Marvin R. Myers CISSP
>
>Scott Renna wrote:
>
>>The certs get you in the door
>>
>>Being crappy at your job and showcasing your shortcomings will show you 
>>out the door.
>>
>>sk wrote:
>>
>>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/


Ditto.  As of April 2004, they weren't publishing scores.  According to https://www.isc2.org/cgi-bin/content.cgi?page=814#retest:

"As a matter of (ISC)? policy and good testing practice, (ISC)? does not report numeric scores to passing candidates. Passing candidates are not issued numeric scores in order to (a) be in compliance with testing industry guidelines, and (b) to protect candidates from those who could misinterpret the meaning of the numeric scores (employers, for example).

The (ISC)? examinations are referred to as "high stakes examinations" and are constructed using a criteria-referenced test design. A criteria-referenced test is not intended to compare candidates' performance against that of other candidates but rather to compare a candidate's performance against an absolute set of criteria. For example, an employer may erroneously assume a candidate with a score of 850 is more competent than a candidate with a score of 750. Actually, tests of this design (strictly constructed certification or licensing examinations) are not able to make such a distinction. It can only accurately be stated that both candidates possess the minimum competencies necessary to hold the credential.

Unlike the case of passing candidates, it is important for failing candidates to be provided with an overall numeric score, in addition to the diagnostic relative strength and weakness information, so the candidate can assess the level of effort and areas needing more or less attention to prepare for a retake of the examination."

Sorry for the large paste.

Chris

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ