Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs
Which is why I list that I have _had_ a CISSP, but am currently non-financial.. It was too damn easy to pass and too damn hard to keep up with the CPE point entry... :) I was LAMN member #8 :) Best number :) Cheers Bret At 03:38 PM 21/03/2009, Joe Teff wrote: I notice certs like CISSP when hiring. It says the person has a basic understanding of all IS security areas. Nothing more. If someone can't pass the CISSP then I have to wonder why. -Original Message- From: Paco Hope p...@cigital.com To: SC-L@securecoding.org SC-L@securecoding.org Date: Thu, 19 Mar 2009 11:36:45 -0400 Subject: Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs On 3/18/09 5:29 PM, Jeremy Epstein jeremy.j.epst...@gmail.com wrote: If you don't have a CISSP, CISM, MCSE, or EIEIO - and you're proud of it ...then I'd say you have an overly simplistic view of the world. Anyone who believes that a credential automatically conveys some magical knowledge that you didn't have before is just as overly-simplistic as someone who disparages all credentials equally. It just isn't a black and white world. Paco -- Paco Hope, CISSP, CSSLP Technical Manager, Cigital, Inc http://www.cigital.com/http://www.cigital.com/ ? +1.703.585.7868 Software Confidence. Achieved. ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-lhttp://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.phphttp://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.comhttp://www.KRvW.com) as a free, non-commercial service to the software security community. ___ ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___ ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___
Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs
fwiw, I've interviewed my fair share of CISSPs who didn't have a basic understanding of infosec... with the boot camps these days, people don't learn anything... they cram for 1-2 wks, shoving everything into short-term rote memory, and then they take the test and promptly forget everything... this is especially true since the feds began mandating CISSPs for contractors... at least here in the DC metro, the pool of candidates has become extremely watered down over the last 5 or so years... Joe Teff wrote: I notice certs like CISSP when hiring. It says the person has a basic understanding of all IS security areas. Nothing more. If someone can't pass the CISSP then I have to wonder why. -Original Message- From: Paco Hope p...@cigital.com To: SC-L@securecoding.org SC-L@securecoding.org Date: Thu, 19 Mar 2009 11:36:45 -0400 Subject: Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs On 3/18/09 5:29 PM, Jeremy Epstein jeremy.j.epst...@gmail.com wrote: If you don't have a CISSP, CISM, MCSE, or EIEIO - and you're proud of it ...then I'd say you have an overly simplistic view of the world. Anyone who believes that a credential automatically conveys some magical knowledge that you didn't have before is just as overly-simplistic as someone who disparages all credentials equally. It just isn't a black and white world. Paco -- Paco Hope, CISSP, CSSLP Technical Manager, Cigital, Inc http://www.cigital.com/ ? +1.703.585.7868 Software Confidence. Achieved. ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___ ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___ -- Benjamin Tomhave, MS, CISSP fal...@secureconsulting.net LI: http://www.linkedin.com/in/btomhave Blog: http://www.secureconsulting.net/ Photos: http://photos.secureconsulting.net/ Web: http://falcon.secureconsulting.net/ [ Random Quote: ] I think there should be something in science called the 'reindeer effect.' I don't know what it would be, but I think it'd be good to hear someone say, 'Gentlemen, what we have here is a terrifying example of the reindeer effect.' Deep Thoughts by Jack Handy ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___
Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs
Great idea but why would you say CISSP is meaningless or MCSE is meaningless? Certifications are like technology. They have a place where they fit. CISSP became so popular and prolific because of the vast field of coverage (10 domains) that a certified practitioner had to study, understand, relate to and practice if given a situation. I am strongly against any certification that touts that you would be able to change the world for good. As silly as it might sound, there are quite a handful of these. On the other hand, companies like CISCO and Microsoft offer certification that allow professional to get certified and demonstrate their ability to understand and take over the responsibility of the said position that the certificate applies to. Now, if you make a case against certifications just because it has become so easy to cram overnight and get certified in the morning, then that's not justice. There are 2 extremes to the spectrum and you see only 1. It's like giving the entire security industry (professionals with certifications mostly) becuase of a few (thousand) individuals who don't prove to be laible candidates to have obtained that certification. You can compare it to how the world panned out the meaning of the holy word Hacker to what it is today. Prasad On Wed, Mar 18, 2009 at 5:29 PM, Jeremy Epstein jeremy.j.epst...@gmail.comwrote: Colleagues, I'm pleased to announce the creation of LAMN, the Legion Against Meaningless certificatioNs. If you don't have a CISSP, CISM, MCSE, or EIEIO - and you're proud of it - this group is for you. You can join LAMN on LinkedIn by searching in the groups area. Unlike so many other certifications, LAMN doesn't charge fees, require outrageously overpriced exams, or demand check-the-box continuing education. Hope to see many people joining this group - and feel free to pass this along! --Jeremy P.S. After you join the group, you can proudly write your name John Doe, LAMN - which conveniently also stands for Letters After My Name. I can't recall who suggested the term to me, but would be happy to give credit if someone wants to step forward and claim credit. ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___ -- Thought for the day - Emails can hurt feelings. If this one did, please ignore your feelings. ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___
Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs
I notice certs like CISSP when hiring. It says the person has a basic understanding of all IS security areas. Nothing more. If someone can't pass the CISSP then I have to wonder why. -Original Message- From: Paco Hope p...@cigital.com To: SC-L@securecoding.org SC-L@securecoding.org Date: Thu, 19 Mar 2009 11:36:45 -0400 Subject: Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs On 3/18/09 5:29 PM, Jeremy Epstein jeremy.j.epst...@gmail.com wrote: If you don't have a CISSP, CISM, MCSE, or EIEIO - and you're proud of it ...then I'd say you have an overly simplistic view of the world. Anyone who believes that a credential automatically conveys some magical knowledge that you didn't have before is just as overly-simplistic as someone who disparages all credentials equally. It just isn't a black and white world. Paco -- Paco Hope, CISSP, CSSLP Technical Manager, Cigital, Inc http://www.cigital.com/ [http://www.cigital.com/] ? +1.703.585.7868 Software Confidence. Achieved. ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l [http://krvw.com/mailman/listinfo/sc-l] List charter available at - http://www.securecoding.org/list/charter.php [http://www.securecoding.org/list/charter.php] SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com [http://www.krvw.com/]) as a free, non-commercial service to the software security community. ___ ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___
Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs
Jeremy Epstein jeremy.j.epst...@gmail.com wrote: I'm pleased to announce the creation of LAMN, the Legion Against Meaningless certificatioNs. If you don't have a CISSP, CISM, MCSE, or EIEIO - and you're proud of it - this group is for you. Heh. I'm going to be giving a speech today in which I mention PMPs, CISSPs, MCSEs, MDs, JDs, DDSes, and other assorted CAS -- that's Certified Alphabet Soup. -Dave -- Dave Aronson: Have Pun, Will Babble | Work: davearonson.com | /\ ASCII | Play: davearonson.net | \/ Ribbon Specialization is for insects.| Life: dare2xl.com | /\ Campaign -Robert A. Heinlein | Wife: nasjleti.net| EmailWeb ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___
Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs
On Thu, Mar 19, 2009 at 11:14 AM, Benjamin Tomhave list-s...@secureconsulting.net wrote: gee whiz, what if you have letters after your name that aren't meaningless certifications (like MS or PhD)? :) Paragraph 13.4 subsection (B)(iv) of the LAMN bylaws allows earned degrees, but only if you had to take at least one really boneheaded class. You get to define boneheaded. also, what if you have meaningless cert letters after your name, but only because of peer pressure? are we still allowed to join? :) That's between you and the deity or non-deity of your choice :-) --Jeremy ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___
Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs
gee whiz, what if you have letters after your name that aren't meaningless certifications (like MS or PhD)? :) also, what if you have meaningless cert letters after your name, but only because of peer pressure? are we still allowed to join? :) Jeremy Epstein wrote: Colleagues, I'm pleased to announce the creation of LAMN, the Legion Against Meaningless certificatioNs. If you don't have a CISSP, CISM, MCSE, or EIEIO - and you're proud of it - this group is for you. You can join LAMN on LinkedIn by searching in the groups area. Unlike so many other certifications, LAMN doesn't charge fees, require outrageously overpriced exams, or demand check-the-box continuing education. Hope to see many people joining this group - and feel free to pass this along! --Jeremy P.S. After you join the group, you can proudly write your name John Doe, LAMN - which conveniently also stands for Letters After My Name. I can't recall who suggested the term to me, but would be happy to give credit if someone wants to step forward and claim credit. ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___ -- Benjamin Tomhave, MS, CISSP fal...@secureconsulting.net LI: http://www.linkedin.com/in/btomhave Blog: http://www.secureconsulting.net/ Photos: http://photos.secureconsulting.net/ Web: http://falcon.secureconsulting.net/ [ Random Quote: ] Dusting is a good example of the futility of trying to put things right. As soon as you dust, the fact of your next dusting has already been established. George Carlin ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___
Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs
On 3/18/09 5:29 PM, Jeremy Epstein jeremy.j.epst...@gmail.com wrote: If you don't have a CISSP, CISM, MCSE, or EIEIO - and you're proud of it ...then I'd say you have an overly simplistic view of the world. Anyone who believes that a credential automatically conveys some magical knowledge that you didn't have before is just as overly-simplistic as someone who disparages all credentials equally. It just isn't a black and white world. Paco -- Paco Hope, CISSP, CSSLP Technical Manager, Cigital, Inc http://www.cigital.com/ ? +1.703.585.7868 Software Confidence. Achieved. ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. ___
