Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs

2009-03-22 Thread Bret Watson
Which is why I list that I have _had_ a CISSP, but am currently non-financial.. It was too damn easy to pass and too damn hard to keep up with the CPE point entry... :) I was LAMN member #8 :) Best number :) Cheers Bret At 03:38 PM 21/03/2009, Joe Teff wrote: I notice certs like CISSP when

Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs

2009-03-22 Thread Benjamin Tomhave
fwiw, I've interviewed my fair share of CISSPs who didn't have a basic understanding of infosec... with the boot camps these days, people don't learn anything... they cram for 1-2 wks, shoving everything into short-term rote memory, and then they take the test and promptly forget everything...

Re: [SC-L] BSIMM: Confessions of a Software Security Alchemist (informIT)

2009-03-22 Thread Jim Manico
Hey John, I like where your head is at - great list. Regarding: Builds adaptors so that bugs are automatically entered in tracking systems Does the industry have: 1) A standard schema for findings, root causes, vulnerabilities, etc, and the inter-relation of these key terms (and others?) 2)

Re: [SC-L] Supply Chain Resiliency Project Assistance

2009-03-22 Thread Gary McGraw
hi sc-l, For what it's worth, I am involved in the project with jmr...as is Sammy Migues. jmr was our BSIMM participant from DTCC. Their software security initiative is most impressive. gem On 3/22/09 9:08 AM, Mason Brown mbr...@sans.org wrote: Jim Routh, CISO at Depository Trust and

Re: [SC-L] Questions asked on job interview for application security/penetration testing job

2009-03-22 Thread Arian J. Evans
On Sat, Mar 21, 2009 at 2:43 PM, Matt Parsons mparsons1...@gmail.com wrote: I was asked the following questions on a job phone interview and wondered what the proper answers were. I was told their answers after the interview. I was also told that the answers to these questions were one or

Re: [SC-L] Supply Chain Resiliency Project Assistance

2009-03-22 Thread Gadi Evron
On Sun, 22 Mar 2009, Gary McGraw wrote: hi sc-l, For what it's worth, I am involved in the project with jmr...as is Sammy Migues. jmr was our BSIMM participant from DTCC. Their software security initiative is most impressive. I don't know TOO much about supply chain issues, but I

Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs

2009-03-22 Thread Prasad Shenoy
Great idea but why would you say CISSP is meaningless or MCSE is meaningless? Certifications are like technology. They have a place where they fit. CISSP became so popular and prolific because of the vast field of coverage (10 domains) that a certified practitioner had to study, understand, relate

Re: [SC-L] Supply Chain Resiliency Project Assistance

2009-03-22 Thread Sammy Migues
Hello everyone, To reinforce Mason's request, we're looking for any collection of controls (contractual, technical, people, process, etc.) that organizations should request, demand, cajole, enforce, etc. when out-sourcing software development to ensure the required software security in the

Re: [SC-L] Questions asked on job interview for application security/penetration testing job

2009-03-22 Thread Matt Parsons
Here are the answers that I was given for the following questions by a non-technical recruiter. 1. What are the security functions of SSL? Encryption and authentication. 2. What is a 0 by 90 bytes error? Buffer overflow. 3. What is a digital signature, Not what it is? The
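The recruiter's one-line answers above do not say what a digital signature actually guarantees, or how it differs from a MAC. The following is an added example (not code from the original thread or from any of the posters) that signs a message with Ed25519 from the Go standard library, verifies it with the public key alone, and shows the two failure cases a verifier must catch: a tampered message and a signature made under a different key. An HMAC-SHA256 tag is computed alongside it to make the contrast concrete: a MAC needs the same secret on both sides, so it proves integrity but cannot show which party produced it, whereas the signature can be checked by anyone holding the public key. The message bytes and the shared MAC key are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// KeyPair holds an Ed25519 signing key and the matching public verification key.
// Only the public half ever leaves the signer; verification never needs the private key.
type KeyPair struct {
	Public  ed25519.PublicKey
	Private ed25519.PrivateKey
}

// NewKeyPair draws a fresh Ed25519 key pair from the OS CSPRNG.
func NewKeyPair() (KeyPair, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return KeyPair{}, err
	}
	return KeyPair{Public: pub, Private: priv}, nil
}

// Sign produces a detached 64-byte signature over msg using the private key.
func Sign(kp KeyPair, msg []byte) []byte {
	return ed25519.Sign(kp.Private, msg)
}

// Verify checks sig over msg with the public key only. Length checks come first:
// ed25519.Verify panics on a wrong-size public key, and a verifier should reject
// malformed input rather than crash on attacker-controlled bytes.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}

// Mac computes HMAC-SHA256 over msg with a shared secret key. Anyone who can
// verify the tag can also forge one, so a MAC gives integrity and authenticity
// between the two key holders but no non-repudiation.
func Mac(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// MacValid compares tags in constant time; a plain bytes.Equal would leak
// timing information about how many leading bytes matched.
func MacValid(key, msg, tag []byte) bool {
	return hmac.Equal(Mac(key, msg), tag)
}

func main() {
	signer, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	other, _ := NewKeyPair()

	msg := []byte("transfer 100 to account 42") // constructed sample message
	sig := Sign(signer, msg)

	fmt.Println("genuine message, signer's key:  ", Verify(signer.Public, msg, sig))
	fmt.Println("tampered message, signer's key: ", Verify(signer.Public, []byte("transfer 900 to account 42"), sig))
	fmt.Println("genuine message, someone else's key:", Verify(other.Public, msg, sig))

	sharedKey := []byte("constructed-shared-secret") // both sides must hold this
	tag := Mac(sharedKey, msg)
	fmt.Println("HMAC verifies with shared key:   ", MacValid(sharedKey, msg, tag))
	fmt.Println("HMAC verifies with other key:    ", MacValid([]byte("wrong"), msg, tag))
}
```

Run with `go run`; the three signature lines print true, false, false and the two MAC lines print true, false. Note that the verifier trusted `signer.Public` out of band; in SSL/TLS that trust is what the certificate chain supplies, and a signature check against an unauthenticated public key proves nothing about who signed.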