2001-10-20-11:34:52 leon:
> What are some good well respected vendor neutral security
> certifications?
It really, really depends on who you ask. There are some who'd say
there's no such thing, and even some who'd defend that view with
substantive arguments about the nature of the field. I'm among
their number. There are obviously others who'll disagree.
> Is the CISSP the most respected one?
I think so. For computer security, CISSP seems to be it. There's
another one for auditing, which is a distinct specialization, with
some overlap.
> What are some of the benefits of being a CISSP?
Those who regard it as valuable will value it. Those who regard it
as worthless will not only not value it, they'll automatically
condemn you for having spent the time and money to acquire what they
regard as a worthless credential. All this really means is that you
need to be careful where and how you try and sell this credential,
present it to the wrong people and it could backfire.
To sum up the argument against certification, some of us feel that
the field is changing too rapidly for a certificate to mean anything
good --- it means that you spent a lot of time memorizing one
particular test-writer's set of prejudices, which were already long
out of date by the time the test was issued.
I don't really know how you would go about telling who you should
present the credential to, or when you should present it.
One thing that might help would be to subscribe to many good
security-related mailing lists[*], and read them. Some subscribers
mention in their .sig if they have a CISSP; hence you can get a feel
for the kind of opinions they offer, and perhaps gain a feeling
for where they fit into the industry. Then you can get an idea for
whether you'd like your name associated with theirs, and if so in
what contexts.
-Bennett
[*] Most of the good security-related mailing lists are hosted right
here at securityfocus.com, and their website makes it easy to find
'em.
PGP signature
