This discussion thread was discussed in 1997 also, Luke: Use the CISSP
mail thread.
/mark
[EMAIL PROTECTED] (WMC, O'Gorman, James)
Sent by: [EMAIL PROTECTED]
04/06/00 02:03 PM
Please respond to jameso
To: [EMAIL PROTECTED]
cc:
Subject: Re: Qualifications
I agree and disagree with you.
First off, I agree that a company should pay for training classes for
the employees. This is simply an investment in the current of workers,
and if it helps them do the job better it helps the company. The other
thing it that security teams should be up on current events and have a
very through knowledge of networking and computing in general, along
with investigative skills.
I disagree that certs are the way to do this. I would take a person with
experience and a good knowledge base over someone with a cert. Certs
just mean you test well, they make HR feel happy about hiring them.
Certs give people that don't have the time/will/knowledge to correctly
evaluate a potential hires knowledge base a benchmark they can compare
them too. If you are really concerned that your security team knows what
they are doing, the best way is for you to learn more/as much as them
and then evaluate for your self if they have what it takes to do the
job.
And you also have to remember that simply being a good networking
guru/system admin does not make a good security person. They also have
to a very good understanding on how to correctly investigate incidents.
Computers are only part of the picture.
Jim
"Burtt, Keith" wrote:
>
> I have a request. I'm in a battle trying to get the company to pay for
> classes to have folks in my group certified. I want all to be certified
as
> MSCE, Networking and Unix. The VP I'm dealing with says no one in any
other
> company has certified people in their Security Groups. So I'm looking
for
> your views and attempting to locate companies in the Cleveland area I
can
> have a conference call with to discuss this with me and the VP. Maybe
I'm
> losing it but my views are the security teams should be the cream of the
> crop for investigation purposes, etc.
>
> Thanks in advance for any and all replies,
>
> Keith M. Burtt
> Manager, IT Security Administration
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
