Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

basics logo Security Basics mailing list archives

Re: CISSP Question
From: Florian Rommel <frommel () gmail com>
Date: Wed, 02 May 2007 20:53:00 +0300
I agree with Nicolas here. I definitely wouldn't endorse a Desktop Jockey
with 4 years of experience. I already filed once a complaint because I know
a guy who, because he has some certifications and has worked as a pc
support, thinks he is qualified to take the exam. His "boss/ partner in
crime" was ready to sign off on it. I know for some people a certification
like the CISSP doesn't mean much but that still shouldn't mean anyone can
get in. I had my work experience fully documented by all my previous
employers  before I took the exam.

Security experience in any of the 10 domains for 4 years doesnt mean that
during those 4 years you should have done something security related at some
point it means that your position was directly security related.

//flosse
http://blog.2blocksaway.com


On 5/2/07 9:47 AM, "Nicolas villatte" <Nicolas.Villatte () chello be> wrote:


Not really, because 5% of your time involved in security during 4 years
would give you barely 2 months of experience. I don't know any CISSP who
would endorse such a candidate.

https://www.isc2.org/cgi/content.cgi?category=1187

"Applicants must have a minimum of four years of direct full-time security
professional work experience in one or more of the ten domains of the (ISC)²
CISSP® CBK®."

Regards,
Nicolas.


----------------------------------------------------------------------------
--------

Nicolas VILLATTE 

CISSP, GCIA, GCIH, GCFA

Sr. Security Management Specialist


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of krymson () gmail com
Sent: mardi 1 mai 2007 14:14
To: security-basics () securityfocus com
Subject: RE: CISSP Question

Just a quick add, don't overthink the 4 years' experience requirement. You
need that experience in any one (or more) of the 10 domains. Honestly, if
you're a desktop support jockey for 4 years and you do some sort of security
as part of your work (do you manage passwords and/or respond to spyware
incidents?), you can still qualify. Realistically, anyone with 4 years'
experience in IT.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]