WebApp Sec: RE: Notes from CISSP class with Dr. Eric Cole

RE: Notes from CISSP class with Dr. Eric Cole

From: Harley David <David.Harley_at_cfh.nhs.uk>
Date: Thu, 13 Oct 2005 08:50:56 +0100

Can we get a little balance back here?

CISSP is not a purely paper qualification that anyone with the
money to take the exam can get. It requires, apart from
sufficient knowledge to pass the exam, proven experience in
security. What it doesn't require or prove is specialized
technical knowledge and experience in any particular security
area.

It's a reasonable requirement for some kinds of managerial
role in itself. It may not be sufficient for a technical
or hybrid manager. It isn't, in itself, always a
sufficient requirement for a technical role, though it
may, in combination with other certification or experience
appropriate to the role, provide necessary reassurance that
the candidate isn't too focused on a narrow area. It doesn't,
in itself, prove the holder's fitness to administer IDS,
or a firewall, or PKI, or pen-testing, or even AV, and
any company that hires people for such roles purely on
the strength of the acronym CISSP is risking (at least)
disappointment (but I'm not sure that companies are
generally so naive).

What it certainly doesn't do is prove that the holder
is a fraud or incompetent. It's been described as
broad but shallow, but holding it is not proof that the
holder is -or- isn't expert in one or more specialist areas.
It indicates a proven level of knowledge which is sufficient
for some roles and not for others, and I'm not sure it's
productive to attempt to define too closely which roles
it's sufficient for. That depends on other factors such
as experience, other qualifications, and willingness to
train (or be trained) further.

Could we please get back to web security now?

-- 
David Harley 
Received on Oct 13 2005