"... So having the cert doesn't make you good, and doesn't prove to anyone
that you have experience or skill.."
Definitely, and may go further and say the same about college, mba and even
about a Master degree.
The truth is, employers will probably not overlook certs, and thus if found
two candidates with similar profiles but one has some fancy words like MCSE,
CEH, CISSP, CSSP, CCIE or whatever on his CV, I bet the jackpot goes to
owner of all those acronyms :-) Thus CERTs are an added value for any IT
professional and for any employer who looks towards ROI on their human
capital.
IMHO, if u have the time, the will and the money...go for it...
Cheers--
-----Original Message-----
From: nat@morgothan.com [mailto:nat@morgothan.com] On Behalf Of Nathaniel
Hirsch
Sent: segunda-feira, 8 de Maio de 2006 21:19
To: Mohamed Abdel Kader
Cc: pen-test@securityfocus.com
Subject: Re: CISSP-ISSMP
I recently got my CISSP. The company that I work for paid for me to go to a
class, and take the test assuming I passed. If I failed then the $500 would
be on my nickle. Thankfully I did not fail. The main reason they wanted me
to get my CISSP is now they can charge more for the work they contract me
out to, this and you need it or some other equivalent to do level 3 and 4
DITSCAP testing. As for an ROI after I passed a got a 15% raise which was
nice, but I was also up for a raise, so I can not tell you how much that was
due to the CISSP, and how much was due to my overall performance at the
company. Personally I feel that the exam and certification process is a
waste of time, and so does everyone else at the company, but they are
needed, or so they say. However we have a guy who works here who is a CISSP
and a CEH(certified ethical hacker), and to be truthful, he is quite
possible the most worthless tester I have ever had to work with, and
everyone else in the office knows this. So having the cert doesn't make you
good, and doesn't prove to anyone that you have experience or skill. It
just proves that you can pick the correct answer out of a four possible
answer on a 250 question multiple choice exam. As for giving an out of 10
scale for everything you mentioned I guess they would all be 5s because it
all really depends on a lot of other things. As for what job its good for,
I would have to say more managerial then anything else. The topics covered
are really only puddle deep, not enough to know whats going on, just enough
to know that it is going on though.
Nathaniel Hirsch, CISSP
Xacta Corporation
656 Shrewsbury Ave.
Shrewsbury, NJ 07702
On 5/8/06, Mohamed Abdel Kader <makster12@hotmail.com> wrote:
Hi all,
I was wondering if anyone out there did the CISSP-ISSMP concentration.
I want to know the value added in the areas listed below, in an out of
10 scale for example:
Total ROI
Career Advancement
Industry Demand
Raise Potential
Suitable for what job/position (not an out of 10 answer of course
:))
I also want to know the material to study from.
Thanks a million.
MAK
----------------------------------------------------------------------
--------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's Choice Award from eWeek. As attacks through web applications
continue to rise, you need to proactively protect your applications
from hackers. Cenzic has the most comprehensive solutions to meet your
application security penetration testing and vulnerability management
needs. You have an option to go with a managed service (Cenzic
ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download
FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your results from other product. Contact us at request@cenzic.com for
details.
----------------------------------------------------------------------
--------
----------------------------------------------------------------------------
--
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to
rise, you need to proactively protect your applications from hackers. Cenzic
has the most comprehensive solutions to meet your application security
penetration testing and vulnerability management needs. You have an option
to go with a managed service (Cenzic ClickToSecure) or an enterprise
software (Cenzic Hailstorm). Download FREE whitepaper on how a managed
service can help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
----------------------------------------------------------------------------
--
smime.p7s
Description: S/MIME cryptographic signature
