Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: CISSP

from [R. DuFresne] Network Security [Permanent Link]
Subject: Re: Re: CISSP
Date: Wed, 27 Dec 2006 21:24:03 +0000 (UTC) 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 27 Dec 2006, Rob Meijer wrote:

On Tue, 19 Dec 2006, R. DuFresne wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 4 Dec 2006, dfullerton@mantor.org wrote:

Then I wonder if this certification should really have this kind of notoriety. 
Looks like it's not technical and if an 11 years old boy can complete this cert 
...it's not about security management experience either.

Anyone can give me some good reason to acquire CISSP while not being related to money and the wannabe marketing-made notoriety? 

To get hired.  It's a requirement for most companies seeking security
folks, some companies will hire you without, if you can show experience
in the field, and require you get one shortly after being employed., and
for any of the agencies that assist with those seeking employment in the
field.  If you are seeking experience in the field by hiring thru agencies
that will market you for security type work, a CISSP is a most, in most
cases upfront to get a foot in the door.


To me it sounds like you got it backwards.
It is large quantities of 'skill and experience' that is a requirement,
and some companies will hire you without if you have certifications like
CISSP and they are on a tight budget.

I would sugest to use the folowing rules of thumb with respect to
certifications:

* less 5 years relevant experience: get certified, if not for the
 knowledge, get them to get payed more !
* more than 10 years of relevant experience: certification is
 completely useless, don't bother.
* 5 to 10 years relevant experience and an empty or not fully verifiable
 resume: get certified, it compensates.
* 5 to 10 years relevant experience and a verifyable resume with some
 highlights in it: if you realy want a specific job that requires it,
 than get certified, otherwise, find a employer that does apreciate your
 skills and experience.


which might well work, if one could get around HR weinies and the pre-screening agencies that many companies rely upon these days. but yes, this was a valid route to consider back about 10-15 years ago. Times change and sometimes not for the better....


Thanks,

Ron Dufresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFkuR3st+vzJSwZikRAomNAKCFejZP3BDnYs2I13hkVFcRwPik3gCgqD/u
aEIshz1o81j5G89tiDC0i5c=
=E4lF
-----END PGP SIGNATURE-----

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Banner Grabbing, sami ghourabi
Next by Date:  Some help on methodologies and reports, Nikolaj
Previous by Thread:  Re: Re: CISSP, shyaam
Next by Thread:  add a local admin user without a pop-up ?, me
Indexes:  [Date] [Thread] [Top] [All Lists]