Chris -
I agree with Dave Sims. The SSCP is less well-known than the CISSP,
but it is not "worthless". It is designed for security professionals
who have less real-world experience than that required for the CISSP.
It is a good stepping stone towards a later CISSP.
If you do not have the experience requirement to sit for the CISSP,
you should not be taking it. Proving your experience to ISC2 is not
the same as submitting a resume to your employer. The experience
requirement for both the CISSP and the CISA are there to ensure that a
person straight out of college with no real-life experience cannot
place the CISSP letters after their name.
It is somewhat analogous to not having a law degree unless you
complete law school and take your state bar exam. Yes, there are a few
states where you can challenge the bar without ever taking a single
class, but those are rare. Very few lawyers test out of the exam and
most of those work in a law firm as clerks or self-study all of the
relevant case law.
You will not be respected if you go into an interview and claim to be
a security expert just because you have a CISSP, GIAC, or Security+
certification. You will be respected if you have knowledge of security
best practices, if you can demonstrate experience using security tools
to locate and remediate known vulnerabilities, and if you meet the
other requisite knowledge, skills, and abilities for the position.
I have interviewed CISSPs who were immediately disqualified from
consideration because they could no longer remember any of the
terminology they crammed two years previously for the certification. I
had no respect for them and would tell anyone who asked me about their
qualifications not to hire them as well. I considered writing ISC2 to
revoke their certifications, but figured that would be petty. Their
potential employers will either know enough to not hire them or will
learn quickly enough that the person does not know his stuff.
If you really think the certification is just a green card for a job,
I hope you choose not to pursue it. KW
Kate Wakefield, CISSP
CISSP-Discuss moderator
vraptorz@yahoo.com
--- In CISSP-Discuss@yahoogroups.com, Christopher Baker <chris@c...>
wrote:
I have heard one person say that he thought that the SCCP was
worthless. And why should I aim low?
If a piece of paper doesn't earn respect, then why do people get them?
Chris
============================================================
"The best argument against democracy is a five-minute
conversation with the average voter."
--Winston Churchill
============================================================
Chris Baker -- www.chrisbaker.net
chris@c..., chrisbaker@i...
"When you stop growing, you start dying."
--- Responding to:
From: "Dave Sims" <davesims2@...>
Date: Sat Mar 5, 2005 11:36 am
Subject: RE: [CISSP-D] CISSP, is it respected?
I believe that CISSP is one of the most respectable certifications one
can aspire to. However, if you think a piece of paper will earn you
respect you are missing the point. The CISSP certification is a
professional credential designed for experienced security
professionals. If you meet the experience standards as written on
ISC2.ORG you should, by all means, begin study and take the test, if
you don't, you should consider the SCCP certification. It is designed
as an intermediate step to CISSP.
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
<*> To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
