Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

Re: RE: RE: Notes from CISSP class with Dr. Eric Cole
From: f_kenisky () earthlink net
Date: 12 Oct 2005 12:40:30 -0000
Hummmm...

Interesting but it's not funny if you have to explain the punch line.

I'm not trying to be mean or ridicule your comment.  I will try to explain.  About four years ago MS began to realize 
that secure coding was important.  This after years of trial and error.  They (MS) never really gave "security" much 
thought.  Then after being proded by the industry they decided to go in the direction of "secure coding" without any 
more knowledge and they did before.

They hired someone with vast knowledge in a field unrelated to 'infosec' and put them incharge of 'secure coding'.  
This isn't considered in any security course (if you paid attention in class) the correct method of doing things.  
(Please don't take this as a direct slam at your lack of MS knowledge but more like a Discovery Channel Special).

Then because of industry pressure MS decides to offer a MS 'Security' Certification.  Hummmm...

Interesting that they don't think someone holding a CISSP, CISA or a CISM is qualified to teach MS Security.  So the 
logic behind this knee jerk reaction to the industry is that MS knows how it "WANTS" to do security not how the 
industry demands it should be done.

Of course, I'm only providing you the punch line so you can get the joke don't take this personally.  What I find 
interesting is that if you've ever taken a SANS security course in the beginning.  (And I mean with SANS first started 
out before it ever offered the "G" certifications.) the people offering the classes had "0" certification.

Stephen Northcutt, Alan Pallard and many others who are currently teaching classes.  Now what made them have the 
knowledge to create the "G" certifications and how could they have taught CISSP classes without a CISSP?  But you don't 
see the humor in the fact that MS required someone to be MS "security" certified before it could teach one of it's 
classes.

Now that's funny!

Frank Kenisky IV, CISSP, CISA, CISM
Information Systems Security Specialist

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]