Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: OSCP
From: christopher.riley () r-it at
Date: Wed, 17 Dec 2008 10:56:23 +0100

That's a common misconception (as I mentioned in previous messages). HR 
and (some) management think that a CISSP is a license to do anything 
security. Opinions on the CISSP vary so much, but personally I doubt the 
expertise of the CISSP qualified amongst us. I don't doubt that they know 
their stuff, but CISSP is too broad to be useful in a lot of circumstances 
(like penetration testing).

eduardo.dimonte () gmail com@inet wrote on 17.12.2008 10:00:14:

You are comparing two things that have nothing in common. CISSP does not
teach you how to do a pentest, and been an expert in pentesting does not
allow you to have the CISSP.



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] 
On
Behalf Of Gichuki John
Sent: martes, 16 de diciembre de 2008 21:47
To: christopher.riley () r-it at
Cc: andreg () gmail com; arivas () hyphensolutions com;
listbounce () securityfocus com; pen-test () securityfocus com;
pen-test-return-1078487582 () securityfocus com
Subject: Re: OSCP

I have seen this same problem so often it just eats me. I know a company 

that had a test done by Earnest and Young in Nairobi, and the only 
vulnerability that was found is the zone file transfer, and the guys are 

CISSP certified, so whenever we meet with my fellow group of pentester 
we laugh at it, saying,"u are vulnerable to dig!" Secondly u will see 
employers, like a company called Safaricom employing CISSP, and the 
other day i watched one of them trying to figure out how a SQLi really 
works.

I think CISSP is just a paper. But business is always business.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



----------------------------------------
Raiffeisen Informatik GmbH, Firmenbuchnr. 88239p, Handelsgericht Wien, DVR 0486809, UID ATU 16351908

Der Austausch von Nachrichten mit oben angefuehrtem Absender via E-Mail dient ausschliesslich Informationszwecken. 
Rechtsgeschaeftliche Erklaerungen duerfen ueber dieses Medium nicht ausgetauscht werden. 
Correspondence with above mentioned sender via e-mail is only for information purposes. This medium may not be used for 
exchange of legally-binding communications.
----------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault