As far as I know for a degree, usually the university runs through a
verification on the pre-requisite qualifications which is not so simple
to cheat. For CISSP certification, I though there is at least one CISSP
professional required that should vouch for the person interested in
taking the test. No checks has been done on this as well.
The basic tenet of the integrity of security professional has been
broken on this ground. We sure looking at increased numbers of CISSP
without proper experience in the near future.
Rgds,
FW
-----Original Message-----
From: Dante Mercurio [mailto:Dante@webcti.com]
Sent: Wednesday, February 16, 2005 10:20 PM
To: Fu Wang, Thio; Varun Pitale; security-basics@securityfocus.com
Subject: RE: CISSP without experience
The same could apply to just about any certification and/or degree. Can
someone lie on their CISSP application, pass the test, and receive a
CISSP certification? Yes. Does that break the ethical rules regarding a
CISSP? Yes. A potential employer looking for someone with a CISSP should
be educated enough in their needs to understand someone with only a year
or two would not be able to do the job anyway irregardless of a single
test passed for a certification.
Not sure what the job market is where you are, but near D.C., most jobs
requiring a CISSP also require a 4 year degree and a number of years
experience in the industry. While the CISSP is a good certification, it
shouldn't be a license into a position. There are a lot of other
mitigating factors.
I'd question any job that just hires based on a CISSP alone anyway.
M. Dante Mercurio, CISSP, CWNA, SCSP
Consulting Group Manager
Continental Technologies, Inc.
"We Connect and Protect Your Network"
10540 York Road, Hunt Valley MD 20131
11 East Front Street, Shiremanstown PA 17011
dante@webcti.com
1-800-606-6060
410-666-3307 (Fax)
443-677-5192 (Cell)
www.webcti.com
-----Original Message-----
From: Fu Wang, Thio [mailto:fuwang@crimsonlogic.com]
Sent: Monday, February 14, 2005 8:46 PM
To: Varun Pitale; security-basics@securityfocus.com
Subject: RE: CISSP without experience
Hi,
Here in Singapore, we have had people getting the CISSP without the
sufficient knowledge and experience acquired for 3 years. Some only have
1 year and they manage to get the CISSP. Many of the so called vendors
has people obtianing the CISSP with only 1 year experience.
Have raised this to CISSP but noone there replies.
I really question the value of this type of certification as there is no
stringent background check on the candidate.
Rgds,
Fuwang
-----Original Message-----
From: Varun Pitale [mailto:varun.pitale@gmail.com]
Sent: Tuesday, February 15, 2005 6:51 AM
To: security-basics@securityfocus.com
Subject: CISSP without experience
I have a 6 month experience on working professionally in Information
Security, but I have been learning and practicing it in my studies and
now I am looking for a job. Almost all of the jobs require a CISSP, but
you cannot get it without atleast 3 years experience. I did hear that
even without an experience you can pass the CISSP, but you will not get
the certification and then you can go to the employer and tell him that
you passed the CISSP. Anyone have any views or any experience with it?
--
Regards,
Varun
(704)-687-6005 --(Office)
(704)-458-3589 --(Mobile)
mailto: varun.pitale_(at)_gmail_(dot)_com
