Network Security CISSP-Discussion
RE: [CISSP-D] Re: [securitytech] CISA -- was: CISSP, is it respected?

Subject: RE: [CISSP-D] Re: [securitytech] CISA -- was: CISSP, is it respected?
Date: Mon, 7 Mar 2005 17:00:05 -0500

Good day Larry,

I think that Rob has responded well about the differences between the two
certification bodies.  SANS has a whole collection of certifications versus
having a few certifications.  At the beginning of SANS when they had only
the first 4 certifications I must admit that the quality and content was
first class and directly based on consensus of experts out in the field.

Today, this has changed greatly now that you find close to a dozen and a
half certifications, it is obvious they were NOT all written based on
consensus out in the field.  Some of them were produced by a very small
group of people related to the specific certification. You can definitely
feel it.

The SANS cert covers one specific area of expertise, it could be Firewall,
Intrusion Detection, Hacking, Forensic, Incident Response, etc... etc...
The certification is giving you only a limited view of what security is as a
whole.  It is what I call pure "Training" and NOT education.  When you train
someone you show them how to complete tasks step by step.  You are faced
with situation X you then complete the following tasks.  Such an approach is
not sustainable in real life. As a security professional you are expected to
know a lot more and be able to understand how the specific piece of the
puzzle fits with the other pieces.  

The greatest challenge to the SANS certification process is to prove that a
totally unsupervised paper that was written by the candidate over a six
month period and the two corresponding exams that are also unsupervised and
taken over a web interface is a good way of ensuring any integrity in their
certification process.  The exam could have been taken by anyone and the
paper written by anyone as well.  I do not think this is the best way of
doing testing and validation of knowledge.  Do you know of any formal
education faculty that would do this??  Everyone you know would have a
doctorate.  I prefer the old paper based delivery that ISC2 have been using
even though it was criticized, at least identities are being properly validated
and exams are not posted all over cram sites.

SANS used to have the lead as far as recognition is concerned and job offers
associated with their certification were giving premiums.  However, some of
the latest surveys have demonstrated clearly that technical certifications
such as SANS have severely dropped in the past 12 months.  An employer wants
more than a techie looking after their security.  It is a new trend that
will only get worse as executives get more educated on security issues and
proper governance.  So I would advise you to get sound technical knowledge
but also a full view of the security world as well.  Business is now driving
the requirements and no longer is it driven by the technical side.

Take care

Clement




  

So I was responding to a thread where the person used
the word to mean that they were TAKING the exam.
Certifications can only measure your ability to SIT
FOR / WRITE / TAKE / PASS an exam and to master basic
CBK material. Some certifications have additional
components, such as the GIAC which required that you
first write an original paper and THEN take a multiple
guess test. But again, you can "cram" for these and
still not be a very good security professional.  KW

Kate Wakefield, CISSP

I remain very interested in knowing the practical, real-world
differences between the CISSP and GIAC certifications. There has been
plenty of discussion about the inherent conflict of interest of the
certifying bodies (ISC2 and SANS), but I'm more interested in finding
out how the marketplace views and values these certifications, with
the understanding that an individual with a certification and nothing
else is not much of an asset to any organization, as has been noted
earlier.

Cheers,
-- 
Larry Gadallah
Sammamish, WA
lgadallah AT gmail DOT com


 