Penetration Testing mailing list archives

Re: My Frustrations
From: Pete Herzog <lists () isecom org>
Date: Sat, 20 Dec 2008 10:05:10 +0100

Second, the number of times you see these questions come from 'certified' professionals is silly. I frequently get forwards from lists full of CISSPs that post this kind of question, begging the world to wonder why anyone thinks that certification holds water. If not certified, from

Nowhere does an official statement stand that a CISSP is qualified to do security testing or security analysis. This is a market faux-pas. Who it was initiated by, I can guess. But the fact of the matter is that we shouldn't get down on CISSP carriers for being bad testers or analysts because the certification doesn't claim that they can be. The market is slowly realizing that it's not. It's the individuals that haven't realized it yet. They spent a lot of money, time, resources towards entering the profession and they want it to be worth something.

The closest I've seen to what a CISSP is supposed to be able to do is here: http://www.isc2.org/cissp-why-certify.aspx

Benefits of Certification to the Professional

    * Demonstrates a working knowledge of information security
    * Confirms commitment to profession
    * Offers a career differentiator, with enhanced credibility and
    * Provides access to valuable resources, such as peer networking
      and idea exchange


Nowhere does it show specialization or anything more than apparently a football fan would have for the game of football. We need to stop knocking the CISSP people and just understand they're mostly infosec fans who want to be more in the game. Next step, show them how to get good before they do any damage.

This is the reason why ISECOM offers the OPST, OPSA, OWSE, and OPSE-- not to supplant the other certifications but to foster the skills and abilities of those who want to be more than good in their fields- they want to have the right answers.


Pete Herzog - Managing Director - pete () isecom org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org
