Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: CISSP-ISSMP
From: "Angelacci, Anna M CTR SPAWAR, J616" <anna.angelacci () navy mil>
Date: Tue, 9 May 2006 08:22:11 -0400

I disagree Nathaniel. I work with peers that do not have the CISSP. They
do know how to fill out templates required for submission of an SSAA,
but they have no clue about application of security controls and
attributes. They can't even complete a proper sentence if were not for a
spelling and grammar checker. They can run the scanners, mitigate the
risks based on the STIG references, but still have no clue what they are
doing. 

I lucked out by getting an NSA test bank for the CISSP. If I did not
have 7 years experience plus, in scanning networks, I would have failed.
I also must admit, I am an MCT, CCNA, CNE, Dell Certified Server Tech, a
3COM Certified Fiber Installer, have over 238 college credits, and have
worked for 27 years in the field. The CISSP does only test you on
security attributes if that is the test bank you were lucky enough to
draw. The test banks are designed to test you on application of the
attributes, not application of the DITSCAP. The point to remember in all
this is," Not one single person knows it all!" Working as a team and not
bashing your peers is a formula for success, not just certs.
Annie

-----Original Message-----
From: nat () morgothan com [mailto:nat () morgothan com] On Behalf Of
Nathaniel Hirsch
Sent: Monday, May 08, 2006 4:19 PM
To: Mohamed Abdel Kader
Cc: pen-test () securityfocus com
Subject: Re: CISSP-ISSMP


I recently got my CISSP.  The company that I work for paid for me to go
to a class, and take the test assuming I passed. If I failed then the
$500 would be on my nickle.  Thankfully I did not fail.  The main reason
they wanted me to get my CISSP is now they can charge more for the work
they contract me out to, this and you need it or some other equivalent
to do level 3 and 4 DITSCAP testing.  As for an ROI after I passed a got
a 15% raise which was nice, but I was also up for a raise, so I can not
tell you how much that was due to the CISSP, and how much was due to my
overall performance at the company.  Personally I feel that the exam and
certification process is a waste of time, and so does everyone else at
the company, but they are needed, or so they say.  However we have a guy
who works here who is a CISSP and a CEH(certified ethical hacker), and
to be truthful, he is quite possible the most worthless tester I have
ever had to work with, and everyone else in the office knows this.  So
having the cert doesn't make you good, and doesn't prove to anyone that
you have experience or skill.  It just proves that you can pick the
correct answer out of a four possible answer on a 250 question multiple
choice exam. As for giving an out of 10 scale for everything you
mentioned I guess they would all be 5s because it all really depends on
a lot of other things.  As for what job its good for, I would have to
say more managerial then anything else.  The topics covered are really
only puddle deep, not enough to know whats going on, just enough to know
that it is going on though.


Nathaniel Hirsch, CISSP
Xacta Corporation
656 Shrewsbury Ave.
Shrewsbury, NJ 07702

On 5/8/06, Mohamed Abdel Kader <makster12 () hotmail com> wrote:
Hi all,
I was wondering if anyone out there did the CISSP-ISSMP concentration.

I want to know the value added in the areas listed below, in an out of

10 scale for example:

    Total ROI
    Career Advancement
    Industry Demand
    Raise Potential

    Suitable for what job/position (not an out of 10 answer of course 
:))

I also want to know the material to study from.

Thanks a million.
MAK

----------------------------------------------------------------------
--------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the 
Analyst's Choice Award from eWeek. As attacks through web applications

continue to rise, you need to proactively protect your applications 
from hackers. Cenzic has the most comprehensive solutions to meet your

application security penetration testing and vulnerability management 
needs. You have an option to go with a managed service (Cenzic 
ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download 
FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your
results from other product. Contact us at request () cenzic com for
details.

------------------------------------------------------------------------
------



------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's 
Choice Award from eWeek. As attacks through web applications continue to
rise, 
you need to proactively protect your applications from hackers. Cenzic
has the 
most comprehensive solutions to meet your application security
penetration 
testing and vulnerability management needs. You have an option to go
with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service
can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm
your 
results from other product. Contact us at request () cenzic com for
details.
------------------------------------------------------------------------
------

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]