[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] CISSP Certification Penetration?

To: mark@bitshift.org (Mark C. Langston)
Subject: Re: [SAGE] CISSP Certification Penetration?
From: Jeff Tyler <jeff@jthome.jthome.com>
Date: Tue, 2 Mar 2004 13:17:01 -0700 (MST)
Cc: sage-members@sage.org
In-Reply-To: <20040302195800.GB52116@bitshift.org> from "Mark C. Langston" at Mar 02, 2004 11:58:00 AM
Organization: JT's home for unwed hackers
Phone: (520)-366-0415
Reply-To: jeff@jthome.jthome.com
Sender: owner-sage-members@usenix.org

"Mark C. Langston says:"
> 
(OP choped)
> 
> 
> Indeed.  From what I've seen, the "must have worked in security capacity
> for X years, must be vouched for by existing CISSP" requirement is being
> handily sidestepped these days, demonstrating that it's possible to turn
> pretty much anything into a purely paper certification.
> 
> (NOTE:  Just checked current requirements.  Seems they changed, or I
> misremembered them:  4 years' field work, or 1 year + degree, and
> vouchsafing by another CISSP or your employer or "another certified
> professional".)

Look again Mark, it's 4 years direct experience or 3 years direct
experience plus a degree.  Both require vetting by a CISSP or
"another certified professional".  Again, speaking as one who has
"stood up" for candidates I'm pretty picky.  Protecting my property
value ;-)

> 
> So, it looks to be just another 250-question multiple-guess cert, with
> a relatively high test cost ($450 or so).

Well, there is also an audit process for "selected" applicants.  I
know, I was audited and yes, they do check in some depth.

> 
> 
> To address the original poster's question, this means, in my mind, that
> the penetration will increase.  Now that anyone can cram and get one,
> and now that they're becoming prevalent as a hiring criterion, you'll
> see more of them (and the cert will be devalued as folks flock to get
> it).

Not sure I follow that, there is still a strong personal experience
requirement.  I'm not saying that an unqualified person can not get
a CISSP, given the existence of boot camps and the like there is
always the danger that a few folks who test well and know little
can slip through but I think on the whole that we defend the
certification pretty well.


Regards ... JT

-- 
===================================================================
|Jeffrey S. Tyler CISSP              Journeyman Sysadmin          |
|jeff@jthome.com                [Home phone/fax] 520-366-0415/0468|
|jeffrey.tyler@veridian.com     [Office] 520-533-0184             |
| -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| TANSTAAFL ! (There Ain't No Such Thing As A Free Lunch)         |
|                                           Robert Heinlein       |
===================================================================

Follow-Ups:
- Re: [SAGE] CISSP Certification Penetration?
  - From: Cat Okita <cat@reptiles.org>
- Re: [SAGE] CISSP Certification Penetration?
  - From: "Mark C. Langston" <mark@bitshift.org>

References:
- Re: [SAGE] CISSP Certification Penetration?
  - From: "Mark C. Langston" <mark@bitshift.org>

Prev by Date: RE: [SAGE] CISSP Certification Penetration?
Next by Date: Re: [SAGE] CISSP Certification Penetration?
Prev by thread: Re: [SAGE] CISSP Certification Penetration?
Next by thread: Re: [SAGE] CISSP Certification Penetration?
Index(es):
- Date
- Thread