The C.P.A. exam for accountants is a better comparison to the CISSP than the Bar exam is for lawyers if we are going to compare industry benchmarks. Either way, an internationally accepted standard seems inevitable.
-Rafiyq

On Sat, 26 Mar 2005 01:26:36 -0500, SecurityLSI <[EMAIL PROTECTED]> wrote:
> I wholeheartedly agree that there needs to be an industry benchmark,
> something that says you cannot operate in this field unless you have passed
> x. I'm thinking along the lines of something similar to the Bar exam that
> lawyers have to take, or perhaps a license like what doctors are required to
> obtain before being able to practice. I fear it's going to take something of
> that level to truly separate the chaff from the wheat. Anything less and you
> only end up with braindumps and bootcampers throwing resume after resume at
> you.
>
> The added bonus of having an industry benchmark that bars entry into the
> field tracks to something a mentor once told me: people that belong to
> unions drive Chevys and Fords. Those that belong to associations drive BMWs
> and Mercedes.
>
> --Joe
>
> ----- Original Message -----
> From: "Vladamir" <[EMAIL PROTECTED]>
> To: "Jose Ribeiro Junior" <[EMAIL PROTECTED]>
> Cc: <>
> Sent: Wednesday, March 23, 2005 1:52 PM
> Subject: Re: RES: [Full-disclosure] CISSP Test
>
> > CCIE is where it's at.
> >
> > I love writing practice tests, but I'm only 20, so what do I know
> >
> > Jose Ribeiro Junior wrote:
> > > Hi Friends,
> > >
> > > What do you think about the CCIE certification model, practice and
> > > written tests?
> > >
> > > I think that is a good model for Security Certifications.
> > >
> > > But can you create practice tests without using specific vendors?
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] on behalf of Vladamir
> > > Sent: Wednesday, March 23, 2005 14:23
> > > To: DAN MORRILL
> > > Cc: [email protected]
> > > Subject: Re: [Full-disclosure] CISSP Test
> > >
> > > Very good points, so.. who wants to start writing to the mentioned
> > > organizations about this?
> > >
> > > DAN MORRILL wrote:
> > >
> > >>I think in reading the multiple threads on this issue, there are a
> > >>number of perspectives on the value of the CISSP.
> > >>
> > >>What was most interesting was the CEO's perspective. Since the CISSP is
> > >>a boot camp, and the SANS is bootcampable in the longer run with the
> > >>removal of the practical. The real question is working towards a
> > >>certificate that demonstrates ability to work in the security arena, one
> > >>that is really hard to get, and one that really tests the ability to do
> > >>the work.
> > >>
> > >>While CISSP and SANS are great to have as a resume filter, it does not
> > >>imply that anyone with either certificate to their name can actually do
> > >>the work. What I am seeing is that many people are going for these, and
> > >>have them, but hand them a result from an IDS system, or ask them to do a
> > >>security design for either a network or a chunk of code, the ability to
> > >>actually perform the task is not there, even though they have the
> > >>certificate.
> > >>
> > >>Personally, I believe the community needs something, certificate,
> > >>degree, internship, whatever, that actually means you can perform
> > >>competently in the security arena. That there is a skill set there that
> > >>the entire community agrees upon is the minimum recommended skill set
> > >>to work in this field. If we had something like that, then any school
> > >>that is pumping out Bachelors of Information Security folks would have a
> > >>standard. Anyone building a bootcamp or certificate program would have
> > >>an agreed upon community standard to work with.
> > >>
> > >>ISC2, ISSA, WSA, SANS, et al. could build a board in conjunction with
> > >>the community, develop the minimum qualifications to work in the field,
> > >>and actually accomplish something once they have been certified or
> > >>degreed. NSA has been hugely successful in developing security schools
> > >>through James Madison, Boise, et al. But they have to agree to and teach
> > >>to the minimum standard that NSA has put together to meet the needs that
> > >>NSA has identified.
> > >>
> > >>I think until we as a community agree upon a minimum standard, apply it
> > >>consistently across the board much like doctors, lawyers, social
> > >>workers, and other degreed or licensed professionals, we will continue
> > >>to have this debate until the house burns down. As security
> > >>professionals, as security folks, we have the same ability to either do
> > >>good, or do harm as any other profession does. We need to understand
> > >>this, and begin working towards skill sets either certificate or degree
> > >>that actually mean something useful at the end of the day.
> > >>
> > >>My thoughts, flames invited.
> > >>r/
> > >>Dan
> > >>
> > >>Sometimes MSN E-mail will indicate that the message failed to be
> > >>delivered. Please resend when you get those, it does not mean that the
> > >>mail box is bad, merely that MSN mail is overworked at the time.
> > >>
> > >>>From: "Clement Dupuis" <[EMAIL PROTECTED]>
> > >>>To: <[EMAIL PROTECTED]>,"'Vladamir'" <[EMAIL PROTECTED]>
> > >>>CC: [email protected]
> > >>>Subject: RE: [Full-disclosure] CISSP Test
> > >>>Date: Wed, 23 Mar 2005 06:45:47 -0500
> > >>>
> > >>>Robert E. Lee wrote:
> > >>>
> > >>>"SANS programs have little to do with security. I'm glad they changed
> > >>>their policy. They seem more honest now."
> > >>>
> > >>>Good day Robert,
> > >>>
> > >>>Honesty is a very neat goal to achieve, however it has many facets.
> > >>>
> > >>>I lately learned (under all reserve, please correct me if you know
> > >>>otherwise) that SANS no longer has any NON PROFIT portion left. They
> > >>>used to be registered as a non-profit entity in the state of Maryland
> > >>>but it seems that it was dissolved. Technically we could say there is
> > >>>no SANS Institute left anymore as we knew it on the non profit side.
> > >>>After they dissolved SANS they created a FOR PROFIT corporation called
> > >>>ESCAL which registered the names used in the non-profit as trademarks
> > >>>for their new for profit organization. Even though you see the name
> > >>>GIAC and SANS being used everywhere, they are all trademarks (not
> > >>>organizations) of the new privately owned company.
> > >>>
> > >>>Principals at SANS have NEVER claimed to be non-profit, it is a myth
> > >>>that we the people that have been dealing with SANS for a long time
> > >>>(since the time they were non profit) have been propagating. We have
> > >>>been keeping this myth alive simply because we did not know any better
> > >>>and we did not know that the non-profit was dissolved. It was done
> > >>>without any noise or public announcement to the people that were
> > >>>already certified.
> > >>>
> > >>>So they NEVER lied but they never went to any length to inform people
> > >>>of the real and current status of their corporation activity. Most
> > >>>people think that GIAC is non profit which is not the case anymore and
> > >>>this better explains the decision of dropping the practical
> > >>>requirement: it does not generate money and it is not a good business
> > >>>decision to keep something alive that will become a drain on the
> > >>>bottom line. Which is a bit contrary to the reason given of improving
> > >>>the overall state of the security community :-)
> > >>>
> > >>>Take care
> > >>>
> > >>>Clement
> > >>>
> > >>>_______________________________________________
> > >>>Full-Disclosure - We believe in it.
> > >>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > >>>Hosted and sponsored by Secunia - http://secunia.com/
