On Sun, 10 Dec 2000, Bill Royds wrote:

[Once again, I'm employed by TruSecure, this is my personal opinion and
may not accurately reflect anything anyone else thinks.]

> There are already several different IT security certifications such as CISSP.
> How does this differ or improve on the CISSP, and SANS GIAC certifications?

The first-level certification isn't aimed directly at security
professionals.  It's people who don't update IIS, people who run wu-ftpd
on Web servers, and people who think permit any any is a valid firewall
rule.  None of the other programs really try to take care of the "hard
part" of admins who aren't security admins.  That's probably the main
differentiator as I understand it.  For the higher-level certifications, I
think ours will be more "hands on", but I can't see a scenario where
either of the two certifications you mention wouldn't be accepted as
contributory material.  We're not in the education business, so I can't
see why for instance SANS' courses wouldn't be perfectly acceptable for
meeting portions of our criteria.

> Certainly independent certifications are better than product specific
> ones but is this really independent?

Yes, it's really independent.

> What is the purpose of this certification? Is this a theoretical one, a
> practitioner's one or a manager's one?

It's three certifications, the base one being totally vectored to
hands-onish and "minimum required knowledge" type things, and the other two
being "engineerish" and "architectish" as far as I understand.  

> Although TruSecure (née ICSA née NCSA) has a fairly strong reputation, it
> still is a commercial organisation without an academic backing in
> certification. On what basis should I believe that a certificate from
> ICSA will be recognised as denoting competence? 

Obviously, like any certification you should use the criteria to discern
if the program tests what you expect to use, and to see if it tests to a
level which will provide you with any value.  

I wouldn't take any certification at face value, just as I wouldn't take
any certified candidate at face value.  My "CISSPs I've met who have a
clue" measurement is up almost to 50%.  I think I've met two MCSEs who
really knew TCP/IP so far.  I'm still searching for a clueless CCIE.  

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
