From: Andre Gironda (andreg gmail.com)
Date: Wed Dec 03 2008 - 17:26:15 CST
On Wed, Dec 3, 2008 at 11:52 AM, Al Rivas <ARivas hyphensolutions.com> wrote:
> I've been away for a while and so catching up today and noticed the idea that the CISSP required 5 years information security experience

CISSP is sad the more I think about it.

Since all corporate and government security has gone the way of
compliance, it's best to just hire certified individuals e.g.

SOX -> CISA
PCI-DSS -> CPISA
ISO 27K (and everything else) -> ISO 27K Lead Auditor (often referred to as LA)

If you actually do real security, OSCP is a bullshit cert just like
CEH, CNOP, SCNA, GSE, et al. Anything SANS or ISC2 is crap. All of
these certs mean absolutely nothing if you dig deep into the actual
meaning behind them.

I would hire an [recent] OPSA or ISO27K LA over pretty much anything
else, if forced to hire based on certifications. I would consider NSA
IAM/IEM certified people if ISECOM or ISO certified individuals aren't
available. These certifications have merit because there is real
operational security value behind them, and they are up-to-date with
the real world.

Cheers,
Andre