Home page logo

pen-test logo Penetration Testing mailing list archives

Re: My Frustrations
From: Pete Herzog <lists () isecom org>
Date: Sun, 21 Dec 2008 10:21:33 +0100

jwmeritt () aol com wrote:
Some CISSPs do know, and are worthy something, and have no desire to become wire-pullers or programmers. Look at the other areas - say, law.

I, for one, do not dispute the possible amount of knowledge which some people ascertain during their quest for the CISSP. However I think there's a danger for those working in security law, creating policy, drafting legislation, or enforcing such and not understanding security analysis. The CISSP does not offer that. It doesn't have to. But there should be no illusions about what one gains from it. That is the problem I see-- not the certification itself but what people think it means one can do.

To be a good security analyst, for example, does not involve the same skills needed to pull wires or program. However it does require strong critical thinking skills at the least to differentiate fact from marketing, bad statistics, slanted whitepapers, misguided metrics, and promotion-paid research.


This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]