|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Pete Herzog (lists
isecom.org)
Date: Sun Dec 21 2008 - 03:21:33 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
jwmerittaol.com wrote:
> Some CISSPs do know, and are worthy something, and have no desire to
> become wire-pullers or programmers. Look at the other areas - say, law.
I, for one, do not dispute the possible amount of knowledge which some
people ascertain during their quest for the CISSP. However I think
there's a danger for those working in security law, creating policy,
drafting legislation, or enforcing such and not understanding security
analysis. The CISSP does not offer that. It doesn't have to. But
there should be no illusions about what one gains from it. That is the
problem I see-- not the certification itself but what people think it
means one can do.
To be a good security analyst, for example, does not involve the same
skills needed to pull wires or program. However it does require strong
critical thinking skills at the least to differentiate fact from
marketing, bad statistics, slanted whitepapers, misguided metrics, and
promotion-paid research.
Sincerely,
-pete.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]