It sounds like this policy went into effect 10/1/03 from the looks of the posting. This is definitely new and was not on their site when I made my inquiry which was in 2002. The person was not mistaken as I called twice to be sure...it is a new policy that they are not verifying...and a good thing. It's nice to see. Thanks for pointing that out. Laura
-----Original Message----- From: Exibar [mailto:[EMAIL PROTECTED] Sent: Monday, April 05, 2004 4:46 PM To: Ron DuFresne; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Training & Certifications The person that Laura spoke to was mistaken, right from their website it states: In the interim, (ISC)2 Services, 2494 Bayshore Boulevard, Suite 201, Dunedin, FL 34698 USA, PH: 1.888.333.4458, FX: 1.727.738.8522, will continue to respond to any employer requests for (ISC)2 credential holder verifications. Such requests must be in writing on the employer's company letterhead and a release signature from the CISSP/SSCP must be included in the request. That's found here: https://www.isc2.org/cgi/directory.cgi Exibar ----- Original Message ----- From: "Ron DuFresne" <[EMAIL PROTECTED]> To: "Dave Howe" <[EMAIL PROTECTED]> Cc: "Email List: Full Disclosure" <[EMAIL PROTECTED]>; "Laura Taylor" <[EMAIL PROTECTED]> Sent: Monday, April 05, 2004 2:16 PM Subject: Re: [Full-Disclosure] Training & Certifications > > [orig snipped] > > This was recently posted to the firewall wizards list, and relates to this > topic; > > From: Laura Taylor <[EMAIL PROTECTED]> > Subject: RE: [fw-wiz] Seeking input: Research Proposal: "Is a third > position > possible?" > Cc: [EMAIL PROTECTED] > Date: Fri, 2 Apr 2004 10:30:33 -0500 > To: 'Crispin Cowan' <[EMAIL PROTECTED]>, > "'Holt, Philip'" <[EMAIL PROTECTED]> > > Something curious to know about CISSP is this.... > > I was thinking of hiring a person with a CISSP and called up ISC2 to > verify > if they really were a CISSP. ISC2 told me that they never verify if anyone > is a CISSP as it is an invasion of the person's privacy. I then asked them > how could I know for sure if this person really was a CISSP and told them > that the person was not listed in the CISSP database on the ISC2 web site. > They then told me that not all CISSPs are listed in the database because > some don't want to be listed. They told me that the only way to verifiy if > a person is a CISSP is to ask them for their certificate. I then asked > them if all certificates look exactly alike and can they tell me how to > know if a certificate it authenticate. I was told that all certificates do > not look exactly alike and that they have changed their look over the > years so there is no way to know if a particular certificate is real or > not. > > After much discussion, it became clear that they were not willing to > verify if anyone is a CISSP, and that there was no way for anyone to > really verify this information unless the person chooses to be listed in > the database on the ISC2 web site. I told them that in my opinion their > process for certification was not consistent with the concept of "trust, > but verify" and I ended up not hiring the person I had originally > interviewed. > > If a certification cannot be verified, to me it is worthless. I'd rather > hire an MCSE because Microsoft is willing to verify all their > certifications. > > The philosophies and ethics of 2600 could possibly be questionable, but I > dare say that ISC2 is not at all the organization that I once thought it > to be. > > Laura > > > > > Thanks, > > Ron DuFresne > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > "Cutting the space budget really restores my faith in humanity. It > eliminates dreams, goals, and ideals and lets us get straight to the > business of hate, debauchery, and self-annihilation." -- Johnny Hart > ***testing, only testing, and damn good at it too!*** > > OK, so you're a Ph.D. Just don't touch anything. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
