Hi sc-l, I tend to agree with Prasad, though in a fit of fractal possibility, I also agree with Jeremy. Turns out I wrote something about this very issue in May 2007 for darkreading:
Certifiable http://www.darkreading.com/document.asp?doc_id=123606 gem (supposedly on vacation in SC) http://www.cigital.com/~gem On 3/22/09 4:35 PM, "Prasad Shenoy" <prasad.she...@gmail.com> wrote: Great idea but why would you say CISSP is meaningless or MCSE is meaningless? Certifications are like technology. They have a place where they fit. CISSP became so popular and prolific because of the vast field of coverage (10 domains) that a certified practitioner had to study, understand, relate to and practice if given a situation. I am strongly against any certification that touts that you would be able to change the world for good. As silly as it might sound, there are quite a handful of these. On the other hand, companies like CISCO and Microsoft offer certification that allow "professional" to get certified and demonstrate their ability to understand and take over the responsibility of the said position that the certificate applies to. Now, if you make a case against certifications just because it has become so easy to cram overnight and get certified in the morning, then that's not justice. There are 2 extremes to the spectrum and you see only 1. It's like giving the entire security industry (professionals with certifications mostly) becuase of a few (thousand) individuals who don't prove to be laible candidates to have obtained that certification. You can compare it to how the world panned out the meaning of the holy word "Hacker" to what it is today. Prasad On Wed, Mar 18, 2009 at 5:29 PM, Jeremy Epstein <jeremy.j.epst...@gmail.com> wrote: Colleagues, I'm pleased to announce the creation of LAMN, the Legion Against Meaningless certificatioNs. If you don't have a CISSP, CISM, MCSE, or EIEIO - and you're proud of it - this group is for you. You can join LAMN on LinkedIn by searching in the "groups" area. Unlike so many other certifications, LAMN doesn't charge fees, require outrageously overpriced exams, or demand check-the-box continuing education. Hope to see many people joining this group - and feel free to pass this along! --Jeremy P.S. After you join the group, you can proudly write your name <John Doe>, LAMN - which conveniently also stands for Letters After My Name. I can't recall who suggested the term to me, but would be happy to give credit if someone wants to step forward and claim credit. _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________ _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
