Flames in your face? Actually I couldn't agree more.
I don't have a degree and the certifications I did get
I've never really leveraged. IMHO, what matters in
information security is getting the job done and
having the insight and ability to do so. Being able to
see trends and learn new things as they emerge is far
more important than any paper you can bring to the
table. And that includes the static knowledge base
associated with that paper. Heck, by the time
something is put into a curriculum and then taught
again it is over 2 years old. That's a lifetime in
this business.
It could even be argued that the static mentality and
unified method of thinking applied in university,
college, and many certification programs limits one's
thinking in ways that I consider crucial in the
InfoSec world. I won't make that argument myself as
it's very much up to the indivudial's mentality to
remain objective. Unfortunately plenty of people take
what they hear in school as law without question.
I know enough brilliant people in information security
that have gotten quite far without any paper. Granted
it is harder for these people to get their foot in the
door and to obtain that crucial initial recognition of
their skills. Then again the time lost trying to get
the initial work and the lower salaries they had to
contend with probably represent less time and money
than they would have sunk into a "classical" education
anyway.
My 2 cents.
Cheers,
Greg van der Gaast
Senior Consultant
CGI Group
CCE Montreal
--- Toby Barrick <tbarrick@cox.net> wrote:
Ken,
With you as a degree holder (I assume that you are)
I'm sure that you
feel that way about a degree. The fact of the matter
is that a degree is
a piece of paper, a mark on a stick as to what you
have spent in dollars
and time. A CISSP is a mark on a stick as to what
you know (memorized)
about security related issues (plus whatever money
was spent). Neither
of which, in the real word is worth it's weight in
paper.
I know lots of folks that have PhD that are
worthless. Yeah they bang
down the bucks due to the paper on the wall, but
they are totally
clueless. I know mechanics that make more than I do
investing in futures.
I'm not a big fan of the guy but take Bill Gates for
example. He does
not have a degree, he dropped out of college. I'd
actually be surprised
if he even has any certifications.
The bottom line counts in this world is vision,
insight, intuition, hard
work, and a feel for situations that whisper "this
is not right," I can
fix it - then acting on that thought.
Ok - I'm sure the flames will fly in my face, but
that is my opinion.
Have a great day.
Ken Kousky wrote:
This is the craziest conversation I ever heard of
- there is NO comparison
between a REAL degree and CISSP. CISSP is great,
valuable and vital but it
isn't in any way comparable.
Simply put, if you don't have a degree - get one
and get the best one you
can.
-----Original Message-----
From: Huang, John, GCM
[mailto:John.Huang@rbsgc.com]
Sent: Monday, January 23, 2006 1:41 PM
To: security-basics@securityfocus.com
Subject: RE: Re: University Degree or CISSP
Degree or CISSP? It depends on where you are in
life. A degree helps you
in the door and advancement into a management
position usually require a
college degree. But if you're already in the field
and don't have a
college degree, a CISSP cert is easier to obtain
in a shorter amount of
time, and provide more immediate benefit since you
can put the things
you learn into use.
-----Original Message-----
From: shyaam@gmail.com [mailto:shyaam@gmail.com]
Sent: Friday, January 20, 2006 10:25 PM
To: security-basics@securityfocus.com
Subject: Re: Re: University Degree or CISSP
Yes,
Very true. Nothing counts equivalent to
experience, but experience comes
only when someone starts somewhere. I have seen
one big thing happening
around. People in the industries shifted from
technology to business,
that is the point when they lost the security and
created more loopholes
in their own products as they reduced the time
needed, reduced budgets
and spent more on advertisements and marketing.
How does that reflect on people. They need people
already with
experience. But how is that possible. Everybody
needs to start
somewhere. So experience does count, but I would
say some foundation,
some added qualification and some experience is
good for a cool job. For
a startup job, some degree and some cert is
essential.
PS: This is my opinion, I am not pointing out any
company or any private
organization.
-S-
------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE
- ONLINE The Norwich
University program offers unparalleled Infosec
management education and
the case study affords you unmatched consulting
experience.
Tailor your education to your own professional
goals with degree
customizations including Emergency Management,
Business Continuity
Planning, Computer Emergency Response Teams, and
Digital Investigations.
http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
-----------------------
********************************************************************
This e-mail is intended only for the addressee
named above.
As this e-mail may contain confidential or
privileged information,
if you are not the named addressee, you are not
authorized
to retain, read, copy or disseminate this message
or any part of it.
********************************************************************
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE
- ONLINE
The Norwich University program offers unparalleled
Infosec management
education and the case study affords you unmatched
consulting experience.
Tailor your education to your own professional
goals with degree
customizations including Emergency Management,
Business Continuity Planning,
Computer Emergency Response Teams, and Digital
Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE
- ONLINE
The Norwich University program offers unparalleled
Infosec management
education and the case study affords you unmatched
consulting experience.
Tailor your education to your own professional
goals with degree
customizations including Emergency Management,
Business Continuity Planning,
Computer Emergency Response Teams, and Digital
Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE -
ONLINE
The Norwich University program offers unparalleled
Infosec management
education and the case study affords you unmatched
consulting experience.
Tailor your education to your own professional goals
with degree
customizations including Emergency Management,
Business Continuity Planning,
Computer Emergency Response Teams, and Digital
Investigations.
=== message truncated ===
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
