Hummmm...
Interesting but it's not funny if you have to explain the punch line.
I'm not trying to be mean or ridicule your comment. I will try to explain.
About four years ago MS began to realize that secure coding was important.
This after years of trial and error. They (MS) never really gave "security"
much thought. Then after being proded by the industry they decided to go in
the direction of "secure coding" without any more knowledge and they did before.
They hired someone with vast knowledge in a field unrelated to 'infosec' and
put them incharge of 'secure coding'. This isn't considered in any security
course (if you paid attention in class) the correct method of doing things.
(Please don't take this as a direct slam at your lack of MS knowledge but more
like a Discovery Channel Special).
Then because of industry pressure MS decides to offer a MS 'Security'
Certification. Hummmm...
Interesting that they don't think someone holding a CISSP, CISA or a CISM is
qualified to teach MS Security. So the logic behind this knee jerk reaction to
the industry is that MS knows how it "WANTS" to do security not how the
industry demands it should be done.
Of course, I'm only providing you the punch line so you can get the joke don't
take this personally. What I find interesting is that if you've ever taken a
SANS security course in the beginning. (And I mean with SANS first started out
before it ever offered the "G" certifications.) the people offering the classes
had "0" certification.
Stephen Northcutt, Alan Pallard and many others who are currently teaching
classes. Now what made them have the knowledge to create the "G"
certifications and how could they have taught CISSP classes without a CISSP?
But you don't see the humor in the fact that MS required someone to be MS
"security" certified before it could teach one of it's classes.
Now that's funny!
Frank Kenisky IV, CISSP, CISA, CISM
Information Systems Security Specialist
