The Great Australian Ice Creamery might be as effective as CISSP for software engineers. I was wondering whether it was accidental or intentional that Ed Rohwer suggested "defiantly" looking at CISSP. Defiantly: "in a rebellious manner" or "boldly resisting".
[Ed. Thanks for the laugh, Jeremy! KRvW] > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Rucker Jones > Sent: Tuesday, March 22, 2005 11:11 PM > To: sc-l@securecoding.org > Subject: RE: [SC-L] certification for engineers/developers? > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > You mean of course GIAC (www.giac.org and www.sans.org), not > GAIC. That is, unless You really want a security > certification from the Great Australian Ice Creamery > (www.gaic.com.au). > > -& > > > - -------- Original Message -------- > Subject: RE: [SC-L] certification for engineers/developers? > Date: Tue, 22 Mar 2005 13:43:54 -0700 > From: Edward Rohwer <[EMAIL PROTECTED]> > Reply-To: Edward Rohwer <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>, <sc-l@securecoding.org> > > Depending on where you want to go, defiantly look at the > CISSP, or one of the GAIC cert.'s Software "engineering" is > another subject entirely. Some people (a lot actually) would > argue that SE's are not engineers at all, since they are not > licensed by states or other governmental agencies like EE's > or other professional engineers. > > Ed. Rohwer CISSP > > - -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of j eric townsend > Sent: Tuesday, March 22, 2005 12:18 PM > To: sc-l@securecoding.org > Subject: [SC-L] certification for engineers/developers? > > A lot of people I know in IT are picking up certifications > and I'm wondering if there's any equivalent for software > engineers or product security > engineers. I have vague memories of QE/QA certifications for ISO > compliance, but a quick perusal of google and yahoo turns up > nothing for security engineers. > > The main reason I'm looking at certification is defensive -- > I've been in one too many meetings where someone's opinion > was given more weight because > of industry certification or advanced degree. As product > security and > secure development gets more visibility in organizations, > conflicts with IT (and other groups) start to happen over > things like trusted development > environments and product vulnerability escalation paths. > It seems like > everyone in IT has some sort of certification these days, > and the certifications are sold to upper management as a > method of knowing your employees have a certain level of knowledge. > > Of course, none of us in engineering have certifications. > Those of us with > formal education have degrees from a long time ago in an > academic world very far away. > > Being the sort who'd rather not bring a knife to a gun fight, > I figure I > should start getting myself some walllpaper as well. Maybe > I should just > sit for the CISSP, or maybe get something like Sun's JCP or > the IEEE CSDP > and be done with it? Or maybe go the academic route and get > a MS in CS? > - -- > [EMAIL PROTECTED] > > pgp: 0xF5F84C8F, 7405 0143 B665 303D D2E8 4257 95AD F02F F5F8 4C8F > > > > > - -- > GPG key / Schlüssel -- http://simultan.dyndns.org/~arjones/gpgkey.txt > Encrypt everything. / Alles verschlüsseln. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFCQOw2oI7tqy5bNGMRAn9xAKDSjlw0TMxYlkam3K9Ke8n0YnlX9gCfd1nM > vuVX94hrJPFnyB174BnyuX4= > =vHL/ > -----END PGP SIGNATURE----- > > >