> > > Although point entry is tedious, it keeps the cert honest. You > can't spend 3 > > years converting oxygen into CO2 and remain certified. You actually have to > > do a few things. A CISSP person who has renewed once or twice is quite > > different from someone who has passed the exam after a cram > session. Someone > > who certified once and lets their certification lapse is indistinguishable > > from the marginally-qualified candidate who crammed, passed, but ultimately > > couldn't maintain their cert.
OK I'll bite... 1. entering the CPE points was the drag - the interface was horrible and slow. 2. I didn't do a cram session - after 12 years as a it security manager I passed it in 40 minutes (and I had actually been through the questions three times by then) 3. To be honest I didn't expect otherwise - the exam was intended to certify people with the appropriate experience - originally, then someone found out what a money spinner it was to run cram schools for it since the questions are multiple choice - that is where the value of CISSP was lost. To me having a CISSP is a good measure when I'm looking for a mid-level consultant, not a junior. If the mid-level consultant doesn't have the CISSP - then good chance they are padding their experience. However if they renew it - I just consider their last company was willing to fund it. I find certifications are useful for two things only 1. it proves you can pass the exam, no matter that you went to the cram school or not - something must have stuck. 2. HR likes it because its easy to filter resumes Without the experience - someone with a cert is like someone with a degree - no experience to be able to convert knowledge into practice. Of course certs with real practical exams are something else - I'll pay them any day. SANS, CISCO, MS all have these and they have real value - you can't cram for them and they actually test your ability to extrapolate from your knowledge into the real world. Cheers Bret _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
