ISS/XForce Archives: RE: Information

Subject: RE: Information
From: Gary Dentremont/Towers Perrin (dentregtowers.com)
Date: Mon Jan 10 2000 - 15:41:59 CST


TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------

I absolutely concur with your sentiments, particularly when I'm the hiring
manager! I've also found that when you are job hunting, and non-security types
are looking for CISSP as a preferred skill, although it won't get you a job,
it certainly helps to get the interview. As far as technical currency, one of
the major requirements for retaining the certification is that you must complete
a specified number of training or instructor hours (120 CPE credits over 3
years) or re-test every three years.

Regards,
Gary Dentremont, CISSP
Information Security Officer
Towers Perrin

"Filacchione, Alex (ISSAtlanta)" <alexfiss.net> on 01/10/2000 10:07:09 AM

To: "'jawilliansg.navy.mil'" <jawilliansg.navy.mil>, issforumiss.net
cc: (bcc: Gary Dentremont/Towers Perrin)
From: "Filacchione, Alex (ISSAtlanta)" <alexfiss.net>
Date: 01/10/2000 10:07 AM
Subject: RE: Information


In terms of hiring there is the CISSP test as mentioned. However, there are
many security professionals out there who not only have not taken the CISSP,
but do not know exactly what it is. Not being CISSP certified does not
necessarily mean that the person in question does or does not know about
security, and is or is not a competent (or even MORE than competent)
professional. Similarly, someone who is CISSP certified does not
necessarily know everything about security. The best thing to do is to
check references with past jobs. As far as checking on whether someone who
is currently hired is keeping up his or her level of competence, that is
another story. You could have that professional take the CISSP test, they
could pass with flying colors, but if they do not know about the latest
attacks, there *is* the possibility that through an honest mistake your
network could be left wide open.

Peer review, and making sure that the security person has the resources
available (including TIME) to keep current (iow, there is a lot of
daily/weekly reading required to keep current!), are probably your best bets
for current employees.

Hope this helps some,

Alex F
alexfiss.net

-----Original Message-----
From: Julie Williams [mailto:jawilliansg.navy.mil]
Sent: Tuesday, January 04, 2000 12:23 PM
To: issforumiss.net
Subject: Information


I apologize if this email is being sent out of the realm of this listserv,
but I am sorta lost as to where it would be appropriately sent.
I am trying to find out how commercial businesses test their experts.
1. Are they tested?
2. How are they tested?
3. As a supervisor in Information Assurance/Security/Vulnerabilities, how
do you OBJECTIVELY test the people that are supposed to know what they are
doing.

Why test, I need to know where I am at. Is there a standard level of
knowledge for this stuff???
Any help would be greatly beneficial.



This archive was generated by hypermail 2b27 : Wed Jan 12 2000 - 08:59:42 CST