Security Basics mailing list archives

RE: IT Manager to CISO


From: "Sanchez, Gabriel" <gabriel.sanchez () secoenergy com>
Date: Fri, 29 Apr 2011 15:13:27 +0000

Well respected or not, CISSP continues to be what many companies look for to even get an interview. Sure, if you're only 
book smart you will not last long anywhere. However, being able to show that you are able to obtain the CISSP and have a 
high-level view of many concepts along with hands-on experience goes a long way. Respected or not, many CISSPs are 
making very good money, and many respected people I know in the SANS staff even have this certification. Putting a 
black mark on someone's resume based purely on having CISSP on it is ridiculous.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jeremi Gosney
Sent: Thursday, April 28, 2011 4:30 PM
To: Jonathan Younie; olufemimogaji () gmail com
Cc: security-basics () securityfocus com
Subject: RE: IT Manager to CISO

I wouldn't exactly call the CISSP well-respected -- it's respected within certain circles and among certain types of 
people. I tend to view the CISSP as a black mark on a resume. We don't really place a whole lot of weight on 
certifications to begin with as there are very few that actually demonstrate practical knowledge / skill, but if CISSP 
is the only cert on the resume, it goes in the trash.

If upper management is your goal, my advice would be to go for both GSLC and G2700 (hopefully your organization does 
ISO 27000). At least you will still have a soul after obtaining those.

________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] on behalf of Jonathan Younie [jonnyp4lsec () gmail com]
Sent: Wednesday, April 27, 2011 5:21 PM
To: olufemimogaji () gmail com
Cc: security-basics () securityfocus com
Subject: Re: IT Manager to CISO

Femi,

 From any standpoint, there's no comparing the two certifications. The
Security+ exam is an entry level exam suitable for most people who are
just entering the field. The CISSP is a well respected exam for people who are experienced and involved in designing 
and managing all forms of security at a high level. In fact, the certification requires being vouched for by other 
certified CISSPs and demonstration of numerous years of InfoSec related experience. It covers a broad spectrum of 
information and demonstrates a knowledge of industry standards rather than singular products or philosophies. Another 
exam you might consider is the Certified Information Security Manager (CISM) offered by ISACA 
[http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/default.aspx].
This is an exam designed for high level security managers who have to cover all realms of security from a technical and 
administrative aspect.
Both of those are hard for anyone to scoff at.

Hope that helps.
Jonathan Younie


On 4/27/2011 4:37 AM, olufemimogaji () gmail com wrote:
Hi all,

I'm currently the de facto IT manager for a small IT services firm. The nature of our business requires that we 
follow PCI standards as per logical security. Here's the thing, the CISO is leaving next month, and I've been told 
I'll be taking his position. I already have a lot of exposure to info sec, I have a CCNP (the former version with 
ISCW) and I'm an MCP (Active Directory for WS 2008). What I need to know is what cert I should go out there and get 
to make me more cemented in this new CISO role, at least to keep the auditors happy, as they sometimes like to 
question your competence. The outgoing CISO, even though he was trained by some of our partners, had NO certs, and 
this exposed him to uncomfy questions from hard-nosed auditors. Security+ or CISSP exam? Or any others? Any form of 
guiding light will be highly appreciated.

Regards,

Femi M.




Sent from my BlackBerry(r) Smartphone





------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and 
who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell 
if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your 
Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing 
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



