Jon Lasser, 2002-03-13
In which your intrepid columnist hands over $450 to sit for the CISSP exam, only to conclude that it measures little of value.
Colapse all |
Post comment
A Certified Waste of Time
2002-03-13
Anonymous CISSP (2 replies)
Anonymous CISSP (2 replies)
Well, We know he didnt pass....thats why he writes books
2002-03-14
Scott Sattler (1 replies)
Scott Sattler (1 replies)
Go back to writing more books....those that can do...those that can't write books and pretend to be the experts...
[ more ] [ reply ]
[ more ] [ reply ]
Well, We know he didnt pass....thats why he writes books
2002-03-20
Anonymous (1 replies)
Anonymous (1 replies)
I don't think that's called for. He seems pretty qualified to me.
Not every cert test is worth taking. He's not the only one to have this same complaint about the CISSP.
By the way, people who write books are usually pretty knowledgeable about their subject matter. That's why they are picked t...
[ more ] [ reply ]
Not every cert test is worth taking. He's not the only one to have this same complaint about the CISSP.
By the way, people who write books are usually pretty knowledgeable about their subject matter. That's why they are picked t...
[ more ] [ reply ]
Re: Well, We know he didnt pass....thats why he writes books
2008-11-27
CCIE Security
CCIE Security
You are a idiot if you think a Cisco cert is not worth its weight in gold. I have been in the industry since 1992 and I have had numerous Cisco certs, which include CCIE Security valid to date. I can almost write my own ticket anywhere I go on my abilities and CERTIFICATION of CCIE. But then again I...
[ more ] [ reply ]
[ more ] [ reply ]
This Article Was A Certified Waste of Time!
2002-03-14
Tom Alibrandi (3 replies)
Tom Alibrandi (3 replies)
To the author:
I normally don't post in meta-discussions regarding an article, but I can't leave this one unanswered. A few points:
1) I was from the school of thought that having a broad array of knowledge is a good thing - not a bad thing. The CISSP exam again is comprehensive from an INFOSEC...
[ more ] [ reply ]
I normally don't post in meta-discussions regarding an article, but I can't leave this one unanswered. A few points:
1) I was from the school of thought that having a broad array of knowledge is a good thing - not a bad thing. The CISSP exam again is comprehensive from an INFOSEC...
[ more ] [ reply ]
This Article Was A Certified Waste of Time!
2002-03-17
Anonymous
Anonymous
I have a CISSP and I found that what was useful in getting it was the study beforehand. I took a weekly course for 12 weeks and by having an ordered view and review of Information Security, I was able to put a framework around the field. So the discipline of learning the facts to pass the test was v...
[ more ] [ reply ]
[ more ] [ reply ]
This Article Was A Certified Waste of Time!
2002-03-25
Anonymous
Anonymous
> 3) Keeping the questions-and-answers secret for a
> certification exam is hardly a novel concept, or is anal.
> It's vital for maintaining the integrity of the exam.
The FAA apparently doesn't think so. The questions for their exams are published, but there's a very large question pool. Th...
[ more ] [ reply ]
> certification exam is hardly a novel concept, or is anal.
> It's vital for maintaining the integrity of the exam.
The FAA apparently doesn't think so. The questions for their exams are published, but there's a very large question pool. Th...
[ more ] [ reply ]
Re: This Article Was A Certified Waste of Time!
2007-05-22
Anonymous
Anonymous
I would have to disagree with your 5th point about having to be consistently strong in all 10 domains. I actually think the exam overall is very incosistent. The only domain that is ridiculously "nitty-gritty" technical is Encryption where they expect you to know the phases of DES, 3DES, and AES. ...
[ more ] [ reply ]
[ more ] [ reply ]
The answer is 16
2002-03-13
Anonymous (1 replies)
Anonymous (1 replies)
for those of you who were expecting Lasser to tell you how many rounds DES has......
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-13
Jim Rodgers
Jim Rodgers
I'm not a CISSP, and I haven't taken the test yet, so I can't assess the quality of the questions. What I would say, however, is that I don't think the CISSP is meant to be (or is advertised as) a highly specific network security or application security or perimeter defense or any other kind of tec...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-13
Anonymous
Anonymous
You wrote:
"they won't admit to scoring on a curve, nor will they share the "passing score" if there is one"
If you had bothered to read the documentation sent to you after registration, you would have learned the following:
"When there are differences in the examination difficulty, a mathe...
[ more ] [ reply ]
"they won't admit to scoring on a curve, nor will they share the "passing score" if there is one"
If you had bothered to read the documentation sent to you after registration, you would have learned the following:
"When there are differences in the examination difficulty, a mathe...
[ more ] [ reply ]
A Certified Waste of Time
2002-03-13
BaijuShah, CISSP
BaijuShah, CISSP
While I agree that test was long and dreadfully boring, all the tests have the same crap that you can look it up for answer. Cisco has bunch of questions on commands that can be verified in a book or online help. Microsoft exams ask information that is not used in my day-to-day usage but are asked...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time... not for me!
2002-03-13
Aaron Higbee (2 replies)
Aaron Higbee (2 replies)
To re-hash my voiced opinions at dc.securitygeeks meeting: It's now your responsibility to "fix" the test if you don't agree with its focus or depth. When I took the test I filled out 6 of the "I don't agree with this question" forms. Contribute, Participate, improve it.
Personally I can say th...
[ more ] [ reply ]
Personally I can say th...
[ more ] [ reply ]
A Certified Waste of Time... not for me!
2002-03-15
Anonymous
Anonymous
i certainly agree with Aaron's views. The problem we are facing is that most of the security personnel overlook the non technical aspects of the security domains like BC, DR and security policy. but for the overall security management of an enterprise, it is required that the person at the helm of a...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time... not for me!
2002-03-24
Anonymous
Anonymous
Good post! Still, companies are hiring CISSP's and they think they're getting at least five years of experience in infosec with it. Many people are SEVERELY padding their experience and are not full time infosec people, certainly not for five years...
I know people who crammed the CISSP from bo...
[ more ] [ reply ]
I know people who crammed the CISSP from bo...
[ more ] [ reply ]
No real correlation
2002-03-13
Anonymous (1 replies)
Anonymous (1 replies)
I know many people who have taken the test and there is no correlation to their ability to take their "well rounded" knowledge and actually apply it to real life security technology design. I will say that there are many techies who run around saying "well that's not secure" without understanding th...
[ more ] [ reply ]
[ more ] [ reply ]
No real correlation
2002-03-15
John Whorfin <johnwhorfin@lectroid.net>
John Whorfin <johnwhorfin@lectroid.net>
> I know many people who have taken the test and there
> is no correlation to their ability to take their
> "well rounded" knowledge and actually apply it to
> real life security technology design.
Similar to MCSEs, CCNAs or BS degrees. So?
> I will say that there are many techies who run ...
[ more ] [ reply ]
> is no correlation to their ability to take their
> "well rounded" knowledge and actually apply it to
> real life security technology design.
Similar to MCSEs, CCNAs or BS degrees. So?
> I will say that there are many techies who run ...
[ more ] [ reply ]
A Certified Waste of Time
2002-03-13
Anonymous (1 replies)
Anonymous (1 replies)
A Certified Waste of Time
2002-03-13
cray@ttlunlimited.com (1 replies)
cray@ttlunlimited.com (1 replies)
Outstanding!
I could not agree more. How many certifications out there truly measure someone's talent and occupational ability versus simply their test taking ability - aside from Cisco? I have conducted security assessments and such for over 4 years now and have yet to take the exam - though...
[ more ] [ reply ]
I could not agree more. How many certifications out there truly measure someone's talent and occupational ability versus simply their test taking ability - aside from Cisco? I have conducted security assessments and such for over 4 years now and have yet to take the exam - though...
[ more ] [ reply ]
CCIE-Security & Cisco Security Specialist 1
2002-03-16
teLi, CCNP (5 replies)
teLi, CCNP (5 replies)
I wouldn't even bother with CISSP since this is the case. I rather go after Cisco's Security Specialist 1 track. Which is what I'm pursing at the moment.
Though, as the need for true talent being tested, as expressed in this article, there is no better candidate than Cisco's CCIE-Security which r...
[ more ] [ reply ]
Though, as the need for true talent being tested, as expressed in this article, there is no better candidate than Cisco's CCIE-Security which r...
[ more ] [ reply ]
CCIE-Security & Cisco Security Specialist 1
2002-03-18
Thomas Porter, Ph.D.
Thomas Porter, Ph.D.
Please note that, "recognized as one of the best in the industry" may apply _only_ if Cisco products are being used. IMHO, Cisco's security offerings are, at best, overrated, & in some cases (for example - NetSonar or Cisco Secure Scanner, whatever...) the products are poorly designed & implemented...
[ more ] [ reply ]
[ more ] [ reply ]
CCIE-Security & Cisco Security Specialist 1
2002-03-18
Aaron Higbee
Those certs might demonstrate your ability to setup cisco products but it won't show you know anything about security.
So you may be krad enough to get pix to fw1 ipsec tunnels working. You may even know how to apply 1918 ACL's and disable small services.
But until you stop leaving your tft...
[ more ] [ reply ]
Aaron Higbee
Those certs might demonstrate your ability to setup cisco products but it won't show you know anything about security.
So you may be krad enough to get pix to fw1 ipsec tunnels working. You may even know how to apply 1918 ACL's and disable small services.
But until you stop leaving your tft...
[ more ] [ reply ]
CCIE-Security & Cisco Security Specialist 1
2002-03-22
Anonymous
Anonymous
I have both the Cisco Security Specialist 1 & CISSP certs- &
the Cisco Sec. Cert is a total joke- I didnt even really study for the track- and got high 800's on all the exams. Doesnt anybody realize that these certs dont quantify ant type of real ability but only to quantify youre marketibility to ...
[ more ] [ reply ]
the Cisco Sec. Cert is a total joke- I didnt even really study for the track- and got high 800's on all the exams. Doesnt anybody realize that these certs dont quantify ant type of real ability but only to quantify youre marketibility to ...
[ more ] [ reply ]
CCIE-Security & Cisco Security Specialist 1
2002-03-29
Mr. Chase
Mr. Chase
The CCIE security is based totally around Cisco Products, and as far as I remember Cisco isn't a software company (sure the company was based off stolen software but that is beside the point). Is that why their Cisco Secure IDS is trash and can't go beyond 100Mbps and that you have to use the Blade ...
[ more ] [ reply ]
[ more ] [ reply ]
Re: CCIE-Security & Cisco Security Specialist 1
2007-07-31
IT prof (1 replies)
IT prof (1 replies)
I have met many paper CCIE, and MCSE who could not configure an IP address when given the opportunity. You must have practical experience; within IT and most of those who pass the CISSP have a broad range of abilities. It is not meant to be focused on one area, but broad on many. I have been a Solar...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Re: CCIE-Security & Cisco Security Specialist 1
2008-03-23
Anonymous
Anonymous
MCSE, ok sure.. but paper CCIE who couldn't configure an IP address... I think you are guilty of some exaggeration here, or the 'paper CCIE' did not actually show you their paper because configuring an IP address is certainly a base requirement of getting the CCIE. passing the CCIE written does not...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-13
Anonymous (1 replies)
Anonymous (1 replies)
I couldn't agree more wholeheartedly. After hearing that it was the "industry standard" I got a copy of the prep guide... Wow! I returned the book and decided to look elsewhere. Check out the CIW Security Professional (Security Analyst) much more of a technical test (but not as fractured as SANS GIA...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-20
Anonymous
Anonymous
It's ironic how we have become an industry of test takers..
Our managers have no clue as to what we do, or what it takes
to perform security duties. I see all these experts, miss
basic functions like changing default passwords and other such trivial ommisions. It's how well you take a test, tha...
[ more ] [ reply ]
Our managers have no clue as to what we do, or what it takes
to perform security duties. I see all these experts, miss
basic functions like changing default passwords and other such trivial ommisions. It's how well you take a test, tha...
[ more ] [ reply ]
A Certified Waste of Time
2002-03-13
M
M
Why did we ever leave the master-journeyman-apprentice system behind?
I took the CompTIA A+ certification test just yesterday and also left feeling like it had been a certified (certifiable) waste of time. Pieces of paper and test scores are not really indicative of performance or potential; as s...
[ more ] [ reply ]
I took the CompTIA A+ certification test just yesterday and also left feeling like it had been a certified (certifiable) waste of time. Pieces of paper and test scores are not really indicative of performance or potential; as s...
[ more ] [ reply ]
A Certified Waste of Time
2002-03-14
Anonymous (1 replies)
Anonymous (1 replies)
I have had my CISSP for one and a half years and it had done nothing for me. I see this as the MCSE for the security field. There are CISSP bootcamps out now and ExamCram books too. Just give it a few years and it will be about as valuable as the MCSE....
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-14
Ian Simpson
Ian Simpson
I agree with the majority of what you say, particularly in respect to the relevance of the material being tested. Perhaps an exam/certification for each of the CBK's would be of greater benefit. In any case, the degree of industry recognition that the cert enjoys is somewhat disputable. Some organis...
[ more ] [ reply ]
[ more ] [ reply ]
Congratulations
2002-03-14
auto318190 (1 replies)
auto318190 (1 replies)
Those who can ... do... those who cannot...
2002-03-26
Ann 'Onymous
Ann 'Onymous
Hmmm... just a comment or two... I have a number of certifications (MCSE/D, CNE, ECNE, SolarisSysEngr, Oracle App Dev & thus Java2 Programmer/Developer) and I'm thinking about getting one of the security certs (not the one under discussion). Based on my experientially acquired knowledge, you KNOW wh...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-14
Anonymous (1 replies)
Anonymous (1 replies)
I think this has been a problem in the IT industry for several years now. If it is essential for a system administrator to analyze/solve problems on the fly, how do you test for this ability?
One approach is, of course, the "large body of general knowledge" factor, figuring that if you know a lo...
[ more ] [ reply ]
One approach is, of course, the "large body of general knowledge" factor, figuring that if you know a lo...
[ more ] [ reply ]
Trivial Pursuit
2002-03-14
Mike R
Mike R
In the early 90's I was looking at the CNE. One of the practice questions I remember was how many search drives can you can have. (I think it is 16) After just missing pass on the sample exam with no prep, I decided they are a waste of time and got my MBA from a 2nd tier school.
BTW, I am a very ...
[ more ] [ reply ]
BTW, I am a very ...
[ more ] [ reply ]
Go to SANS
2002-03-14
Chris (3 replies)
Chris (3 replies)
If you want certification that teaches you real hands on knowledge, go to SANS GIAC at www.sans.org. The courses are thorough, and the tests are meaningful. There is also a hands-on practical assignment before the certification is awarded. I have taken 3 of their courses, and I highly recommend them...
[ more ] [ reply ]
[ more ] [ reply ]
Go to SANS
2002-03-14
HD, CISSP (1 replies)
HD, CISSP (1 replies)
He's already been there. Apparently, Mr. Lasser co-taught the SANS GIAC Security Essentials course between 2/2001 and 5/2001. Right after the time he received his own GSEC1 cert. Since there was not a scathing slam on the GSEC certs (yet, no follow up on receiving the other 6 or 7), the question ...
[ more ] [ reply ]
[ more ] [ reply ]
Go to SANS
2002-03-15
Tim (2 replies)
Tim (2 replies)
It looks like John has taken your advice..
Refrence his resume at http://www.tux.org/~lasser/resume.html
Not only does he profit from teaching boot-camps for
SANS Certification applicants, but he has a self-intrest
in promoting a competing certification over the ISC2.
This is a gross misu...
[ more ] [ reply ]
Refrence his resume at http://www.tux.org/~lasser/resume.html
Not only does he profit from teaching boot-camps for
SANS Certification applicants, but he has a self-intrest
in promoting a competing certification over the ISC2.
This is a gross misu...
[ more ] [ reply ]
Go to SANS
2002-03-20
Anonymous
Anonymous
While Mr. Lasser may have taught for SANS, he is not an employee of SANS and the view he expresses are his own.
Also, SANS does not teach "bootcamp" style courses designed *to help you pass* the GIAC certifications. SANS teaches courses *that can be used to prepare for the certifications* - but ...
[ more ] [ reply ]
Also, SANS does not teach "bootcamp" style courses designed *to help you pass* the GIAC certifications. SANS teaches courses *that can be used to prepare for the certifications* - but ...
[ more ] [ reply ]
Go to SANS
2002-03-24
Anonymous
Anonymous
Perhaps this is why he no longer teaches for them? Please be careful not to slam SANS when you ask that Jon not slam the CISSP/ISC2.
Also, are you implying that SANS is behind this article? I've been at several SANS conferences and have found them very educational as well as amazing opportuniti...
[ more ] [ reply ]
Also, are you implying that SANS is behind this article? I've been at several SANS conferences and have found them very educational as well as amazing opportuniti...
[ more ] [ reply ]
A Certified Waste of Time
2002-03-14
Terry Atkison
Terry Atkison
The problem I'm running into trying to 'break into' the security field is that there is only a couple of security-related certifications to work towards. If there isn't some sort of formal path one can take, it seems like it is more a matter of luck than skill when one does get a job in this field....
[ more ] [ reply ]
[ more ] [ reply ]
Certs
2002-03-14
W. Allen (1 replies)
W. Allen (1 replies)
Actually I believe the same can be said for all certs. The HR folks and even the IT managers of many companies are not adequately prepared to "evaluate" computer professionals. The certifications give some of those in the hiring process an out if the candidate doesn't cut it....
[ more ] [ reply ]
[ more ] [ reply ]
Certs
2002-03-21
Anonymous
Anonymous
I totally agree with this sentiment. My ex-"technical lead" somehow was able to pass the CISSP exam. The funny thing is, he couldn't find a job after he was let go from his lofty position. Why? Because when truly technical people who had plenty of hands-on experience interviewed him, they saw th...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-14
Louis Dolton
Louis Dolton
In this article, Jon Lasser is paid to make broad generalizations about the CISSP Exam. This test attempts a very difficult task. It attempts to test the knowledge of applicants in security management practices; applications and systems development; law, investigations, and ethics; cryptography; a...
[ more ] [ reply ]
[ more ] [ reply ]
Not the stated function of the certification
2002-03-14
Anonymous
Anonymous
The CISSP certification's stated purpose is for managers of security professionals. This is why the exam is so broad. It was stated in the CBK review course that the exam would _not_ go very deeply into the nuts and bolts of specific security skills. And why would you want a manager that has that le...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-14
Surreal
Surreal
I appreciate the article as it reinforces my impressions to date. Another example of "silly security" is when you send them a request for study materials - you get a link to download password-protected .PDF files. Whoa, those folks must *really* know the spook business...
I have two (dotcom ca...
[ more ] [ reply ]
I have two (dotcom ca...
[ more ] [ reply ]
Pass it and respect it. Do not pass it and blame the test.
2002-03-14
From someone who doesn't know anything but it is a CISSP
From someone who doesn't know anything but it is a CISSP
Sure. Let's forget tests and thinks lihe that because they do not test people. (Go Forrest....go)
2 points:
1 - He should have waited to see if he had made it. It would be more impressive if a CISSP had said that. Although, if he had, i doubt if he'd.
2 - Knowing lynux and unix is just a part of ...
[ more ] [ reply ]
2 points:
1 - He should have waited to see if he had made it. It would be more impressive if a CISSP had said that. Although, if he had, i doubt if he'd.
2 - Knowing lynux and unix is just a part of ...
[ more ] [ reply ]
A Certified Waste of Time
2002-03-14
Anonymous CISSP
Anonymous CISSP
I wasted enough of my time and money to earn a $40,000 per annum pay raise as a result of my certification. Perhaps Mr. Lasser earns a large enough income that my 30% pay raise, into the six figure bracket, does not mean much to him. As for me, I have found my investment of my time to be most rewa...
[ more ] [ reply ]
[ more ] [ reply ]
Take it for what it's worth
2002-03-14
Anonymous
Anonymous
If we're all honest, certifications are much like many college degrees. How many of us use the minute details of humanities, calculus, literature, organizational behavior, etc. in our daily lives? A certification and degree shows most of all that you are committed to learning and bettering yourself ...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-14
Anonymous
Anonymous
Jon,
I have to agree with you. CISSP and any certification out there with a wide scope of knowledge is completely useless. I would rather hire a high school drop out with experience since his high school diploma means nothing except useless wide range of knowledge and memorized facts he or she w...
[ more ] [ reply ]
I have to agree with you. CISSP and any certification out there with a wide scope of knowledge is completely useless. I would rather hire a high school drop out with experience since his high school diploma means nothing except useless wide range of knowledge and memorized facts he or she w...
[ more ] [ reply ]
A Certified Waste of Time - How closed minded can you get
2002-03-14
Eric, CISSP CCIE CNE MCSE ACE CCSE (3 replies)
Eric, CISSP CCIE CNE MCSE ACE CCSE (3 replies)
Well… It is nice to see such closed mindedness. It makes the value of true professionals stand out. I’ve been in the business for over 17 years and I’ve seen plenty of people like yourself come and go.
Let me guess. If you pass your gonna love the CISSP title but if you fail y...
[ more ] [ reply ]
Let me guess. If you pass your gonna love the CISSP title but if you fail y...
[ more ] [ reply ]
Re: A Certified Waste of Time - How closed minded can you get
2002-03-15
Anonymous
Anonymous
Hi Mr. CISSP CCIE CNE MCSE ACE CCSE,
> Well… It is nice to see such closed mindedness.
Who is #8230? Oh, you mean Jon Lasser.
> It makes the value of true professionals stand out. I’ve been in the business for over 17 years
Apparently not enough time to learn about standard...
[ more ] [ reply ]
> Well… It is nice to see such closed mindedness.
Who is #8230? Oh, you mean Jon Lasser.
> It makes the value of true professionals stand out. I’ve been in the business for over 17 years
Apparently not enough time to learn about standard...
[ more ] [ reply ]
A Certified Waste of Time - How closed minded can you get
2002-03-16
H Carvey <keydet89@yahoo.com>
H Carvey <keydet89@yahoo.com>
Eric,
"It makes the value of true professionals stand out."
"...then your a complete idiot and liar."
If this is how "professionals" act...by publicly slandering someone with an opinion different from your own...then I'll hang up my CISSP cert now.
I'd also suggest that as a "professiona...
[ more ] [ reply ]
"It makes the value of true professionals stand out."
"...then your a complete idiot and liar."
If this is how "professionals" act...by publicly slandering someone with an opinion different from your own...then I'll hang up my CISSP cert now.
I'd also suggest that as a "professiona...
[ more ] [ reply ]
A Certified Waste of Time: John Lasser
2002-03-14
David Hawley, CISSP
David Hawley, CISSP
While I do concur that the CISSP certification is broad, has high-level focus, and is bereft of gut-level, product/technology-specific detail -- it is precisely these characteristics which attracted me in the first place.
After 25 years in the IT field, it has become eminently apparent that there...
[ more ] [ reply ]
After 25 years in the IT field, it has become eminently apparent that there...
[ more ] [ reply ]
It's so easy to criticize, Isn't it?
2002-03-14
Dr. Mike Ewing (2 replies)
Dr. Mike Ewing (2 replies)
I love the role of the Critic....they often get listened to, and they don't have to contribute anything at all to address the original issue. I am sure you meant well, maybe, but what would you suggest as a better alternative?...
[ more ] [ reply ]
[ more ] [ reply ]
now that you mention it ..
2002-03-17
No One of Consequence (1 replies)
I suppose it is, at that. I've personally always found the author forgettable and his columns unremarkable. This doesn't mean he is or should be these things to anyone else. SecurityFocus loves columns like this one, since they draw repeat visitors to their low-readership internet property. That's...
[ more ] [ reply ]
No One of Consequence (1 replies)
I suppose it is, at that. I've personally always found the author forgettable and his columns unremarkable. This doesn't mean he is or should be these things to anyone else. SecurityFocus loves columns like this one, since they draw repeat visitors to their low-readership internet property. That's...
[ more ] [ reply ]
A Certified Waste of Time??
2002-03-14
matt@whatuwant.com
matt@whatuwant.com
Was wondering if you were upset @ the $450 price tag? Having taken M$, Compaq, HP, and CISSP exams, this exam follows the 10 domains in the CBK rather well. I believe your "issue" is with the content of the CBK. If that is the case, why not help add some depth to this "...very broad, but very sha...
[ more ] [ reply ]
[ more ] [ reply ]
What is your basic problem?
2002-03-14
Anonymous
Anonymous
I am a CISSP, and I disagree with all of you negative comments. How long have you been in the computer industry? I have been in it since 1972 and I for one know that this test is an excellent indicator of someone's strengths and weaknesses. If you did pass, you certaintly missed the point on this. I...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of SF Goodwill
2002-03-14
Chris (2 replies)
Chris (2 replies)
Jon,
I sincerely hope you more completely consider the effect your articles can have, in the future. Writing negative articles should be avoided unless absolutely necessary, and in this case, you've won nothing but cost SF some legitimacy and raised speculation on their selection process for col...
[ more ] [ reply ]
I sincerely hope you more completely consider the effect your articles can have, in the future. Writing negative articles should be avoided unless absolutely necessary, and in this case, you've won nothing but cost SF some legitimacy and raised speculation on their selection process for col...
[ more ] [ reply ]
Try the CISA, to you, it may be the "security" Holy Cert
2002-03-14
You really crack me up!
You really crack me up!
I would say something like "Bite my bottum", but I will not. Everyone has opinions - they are like arm pits, some of them just stink. But, it is your choice to make the comments. There are vendor specific certs that "Challenge" specific security reqs, but not always. At least the CISSP is something ...
[ more ] [ reply ]
[ more ] [ reply ]
Prove Your Point
2002-03-14
Anonymous
Anonymous
My certification fits perfectly into my professional life. It is a helpful ice breaker with clients and as such is useful to my employer. For me, it is perfect.
Now, after taking the test you will have passed or failed:
If you passed, and the certification means so little to you, might I suggest...
[ more ] [ reply ]
Now, after taking the test you will have passed or failed:
If you passed, and the certification means so little to you, might I suggest...
[ more ] [ reply ]
A Certified Waste of Time
2002-03-14
Anonymous
Anonymous
I used to say exactly what you just stated while toiling away many hours attending school at night to earn a BS in management while being in the military. Now granted being in the military does teach and provides for experience to be a manager. So I used to say why bother getting a degree when I hav...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-14
Arnie Jackson
Arnie Jackson
Criticism is just that, ones own opinion, and I respect that. Here's mine: I too am greatly concerned with tests and certifications and the loss of value if taken too lightly.
I must applaud the effort of ISC2 and the CISSP program (though pricing has always been a concern), Overall security awar...
[ more ] [ reply ]
I must applaud the effort of ISC2 and the CISSP program (though pricing has always been a concern), Overall security awar...
[ more ] [ reply ]
Lookie what I found.. Mr. Lasser was on SANS payroll
2002-03-14
Anonymous (1 replies)
Anonymous (1 replies)
love vendor independent reviews of other certifications
from a recent resume of "Jon Lasser's"
http://www.tux.org/~lasser/resume.html
February 2001 - May 2001
Continuing Education, University of Maryland, Baltimore County. Instructor
Co-taught SANS Institute's GIAC Security Essential...
[ more ] [ reply ]
from a recent resume of "Jon Lasser's"
http://www.tux.org/~lasser/resume.html
February 2001 - May 2001
Continuing Education, University of Maryland, Baltimore County. Instructor
Co-taught SANS Institute's GIAC Security Essential...
[ more ] [ reply ]
Lookie what I found.. Mr. Lasser was on SANS payroll
2002-03-21
Andy
Andy
Just to clarify, Jon was hired by UMBC to teach a course based on SANS material. While he was involved with SANS during the development of Bastille Linux, I don't think that he was ever on the "SANS payroll".
Now while I'm the first to say that Jon is a fascinating person and worthy of much care...
[ more ] [ reply ]
Now while I'm the first to say that Jon is a fascinating person and worthy of much care...
[ more ] [ reply ]
Specialists vs. Generalists
2002-03-15
Robert Alberti, CISSP
Robert Alberti, CISSP
I think the author may be missing an important point.
The CISSP is, in my opinion, a test for GENERALIZED security knowledge -- that is, exactly as the author puts it, broad but shallow.
Generalism versus specialism is, I believe, an innate characteristic in each person. I am a generalist. I...
[ more ] [ reply ]
The CISSP is, in my opinion, a test for GENERALIZED security knowledge -- that is, exactly as the author puts it, broad but shallow.
Generalism versus specialism is, I believe, an innate characteristic in each person. I am a generalist. I...
[ more ] [ reply ]
A Certified Waste of Time
2002-03-15
Anonymous
Anonymous
It disheartens me to see this article. I worked hard to get my CISSP and regardless of what anyone says, I am proud of it. I put forth that if the author did pass, that he not be awarded the certification. It is quite obvious that he does not believe in nor does he plan on adhering to our Code of Ef...
[ more ] [ reply ]
[ more ] [ reply ]
Obviously written by someone who doesn't understand security
2002-03-15
Chris Thatcher, CISSP, MCSE
Chris Thatcher, CISSP, MCSE
It is unfortunate that this type of article is published. While I respect the first amendment rights to free speach and press, I wonder what purpose this article serves. Mr. Lasser claims be a security consultant, but shows an obvious lack of understanding of what security really is.
Security...
[ more ] [ reply ]
Security...
[ more ] [ reply ]
A few more thoughts...
2002-03-15
Rick Ewart, CPA & CISSP
Rick Ewart, CPA & CISSP
I was going to rag on the author directly, but I realized that he simply spoke too soon and really has not had the opportunity to really understand that which he writes about.
While the author criticizes the exam, his desire to become a CISSP shows the importance that the world has placed on bein...
[ more ] [ reply ]
While the author criticizes the exam, his desire to become a CISSP shows the importance that the world has placed on bein...
[ more ] [ reply ]
A Certified Waste of Time- You said a mouthful
2002-03-15
Anonymous
Anonymous
I read your article thinking I would get some value from it. I was wrong. Your article was completely biased and self centered from the beginning. Hopefully you will learn from this experience. In the future when I see anything with your name attached to it I will pass it by. I now know reading anyt...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-15
Edward J. Liebig CISSP, CBCP, MCP - Director, IT Security
Edward J. Liebig CISSP, CBCP, MCP - Director, IT Security
Your pompous, indignant, condescending demeanor would never be welcomed nor allowed into any of my environments. There are specific certifications that deal with the bit twidget types and then there are "anal-retentive" Managers. Directors, and, yes, VP's (CISO’s) that strive to hone their ov...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-15
Anonymous
Anonymous
The comments are applicable to anyone certification.
You can look into any information that you want from a book.
You will realise the fact that it is not always recommended to go into the details at a time when you dont want to.
What if the doctor you go to starts reading a book as to how ...
[ more ] [ reply ]
You can look into any information that you want from a book.
You will realise the fact that it is not always recommended to go into the details at a time when you dont want to.
What if the doctor you go to starts reading a book as to how ...
[ more ] [ reply ]
More to it than that
2002-03-15
Don Helms CISSP
Don Helms CISSP
Seems to be missing the point...
I wasn't going to bother since I'm actually less involved in security work than when I took the test, but there is much more to it than that.
The test only indicates a certain required knowledge level. It's open to debate whether that meets job requirements. T...
[ more ] [ reply ]
I wasn't going to bother since I'm actually less involved in security work than when I took the test, but there is much more to it than that.
The test only indicates a certain required knowledge level. It's open to debate whether that meets job requirements. T...
[ more ] [ reply ]
A Certified Waste of Time - Who are the certs for?
2002-03-15
Steven
Steven
These are *my* opinions. YMMV
The problem with very broad based certifications (like the CISSP) is that it gives prospective employers a false confidence that they've hired the right people for the job. Like some of the earlier comments, I think there is more value in the hands-on certification...
[ more ] [ reply ]
The problem with very broad based certifications (like the CISSP) is that it gives prospective employers a false confidence that they've hired the right people for the job. Like some of the earlier comments, I think there is more value in the hands-on certification...
[ more ] [ reply ]
CISSPs in Europe?
2002-03-15
gmflash@web.de (1 replies)
gmflash@web.de (1 replies)
Although I haven't taken the test, I must admit, I do like the concepts behind ISC(2)s CBK. I often refer to CISSP oriented training material in my own security seminars, and I feel that my students do appreciate the content.
Yet, taking any exam makes only sense if it is recognised by the marke...
[ more ] [ reply ]
Yet, taking any exam makes only sense if it is recognised by the marke...
[ more ] [ reply ]
A Certified Waste of Time
2002-03-15
Jim Webster, CISSP
Jim Webster, CISSP
Mr. Lasser,
The goal (in my opinion) of the CISSP exam is to ensure a minimum level of competence in the field - not a guarantee of performance and skill. You state that you "certainly wouldn't hire a professional to audit my systems on the basis of the certification." - I have to ask - would ...
[ more ] [ reply ]
The goal (in my opinion) of the CISSP exam is to ensure a minimum level of competence in the field - not a guarantee of performance and skill. You state that you "certainly wouldn't hire a professional to audit my systems on the basis of the certification." - I have to ask - would ...
[ more ] [ reply ]
A Certified Waste of Time - NOT!
2002-03-15
Chris Hare CISSP, CISA
Chris Hare CISSP, CISA
The CISSP is intended to be the equivalent in knowledge breadth of a Certified Accountant or a General Practitioner MD. They know a little about a lot of things, and quite likely a lot about one or more areas specifically.
The level of depth can be continued shallow, however, it is not possibl...
[ more ] [ reply ]
The level of depth can be continued shallow, however, it is not possibl...
[ more ] [ reply ]
What...
2002-03-15
Anonymous (1 replies)
Anonymous (1 replies)
A Certified Waste of Time
2002-03-16
teLi, CCNP (1 replies)
teLi, CCNP (1 replies)
I wouldn't even bother with CISSP since this is the case. I rather go after Cisco's Security Specialist 1 track. Which is what I'm pursing at the moment.
Though, as the need for true talent being tested, as expressed in this article, there is no better candidate than Cisco's CCIE-Security which r...
[ more ] [ reply ]
Though, as the need for true talent being tested, as expressed in this article, there is no better candidate than Cisco's CCIE-Security which r...
[ more ] [ reply ]
A Certified Waste of Time
2002-03-18
Anonymous
Anonymous
The Cisco Certification is recognized as good because it requires hands-on problem solving, not just a multiple-choice test. But it doesn't test a broad range of knowledge, even in the network security field, let alone the full spectrum of Inormation Security.
It doesn't go into non-Cisco approach...
[ more ] [ reply ]
It doesn't go into non-Cisco approach...
[ more ] [ reply ]
A Certified Waste of Time
2002-03-16
Samuel Yeung, CISA, BS7799 Lead Auditor (1 replies)
Samuel Yeung, CISA, BS7799 Lead Auditor (1 replies)
I am not a CISSP, but I wish to have honor be one of them. To get know the security is easy, anyone can buy/ borrow books then read and read and read, or try in lab and test by yourself. I think what is valuable is how to make use of what you have known, return to the community and your pocket. I th...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Bunch of Crybabies...
2002-03-16
Mr. Andre Robitaille, I wonder how many acronyms I can put after my name? (1 replies)
Mr. Andre Robitaille, I wonder how many acronyms I can put after my name? (1 replies)
Did Mr. Lasser hurt your feelings? Are you feeling a little misty eyed? What's with so many of you making personal attacks against someone because of their opinion?
John made a number of valid points, and stopped just short of making another. Broad knowledge is no match for focused knowledge u...
[ more ] [ reply ]
John made a number of valid points, and stopped just short of making another. Broad knowledge is no match for focused knowledge u...
[ more ] [ reply ]
A Certified Bunch of Crybabies...AND Talk about Anally Retentive!!
2002-03-25
Dr. E. W. c.r.t.f.q., c.b.o.h.i.c.a, c.w.g.a.s., cv43, LEO
Dr. E. W. c.r.t.f.q., c.b.o.h.i.c.a, c.w.g.a.s., cv43, LEO
Finally!
Somebody puts the nail on these dumb certifications and all of you terribly insecure security whiner start to unravel at the edges!
I sat in on this CISSP workshop thing, and talk about a total waste of time. Jon hit it right on the head, broad brush certifications gain nothing. I hav...
[ more ] [ reply ]
Somebody puts the nail on these dumb certifications and all of you terribly insecure security whiner start to unravel at the edges!
I sat in on this CISSP workshop thing, and talk about a total waste of time. Jon hit it right on the head, broad brush certifications gain nothing. I hav...
[ more ] [ reply ]
Lasser's Waste of Time
2002-03-16
CISSP and Happy about it
CISSP and Happy about it
It is unfortunate Mr. Lasser is unable to see the benefit of this cert. It is intended to qualify broad based security professionals capable of navigating their companies through the entire InfoSec maze. Highly technical certs for firewalls, VPNs etc. should be sought elsewhere. It seems that the...
[ more ] [ reply ]
[ more ] [ reply ]
CISSP is an easy out for employers and money making enterprise for ISC2
2002-03-16
3yr CISSP
3yr CISSP
As a certified CISSP for 3 years now I agree to a large extent with the author: This is a money making enterprise that provides no real value to the employee nor the employer. This test is really like the college entrance exams in the U.S..
Want a suggestion? Develop MCSE like tests: dynamic,...
[ more ] [ reply ]
Want a suggestion? Develop MCSE like tests: dynamic,...
[ more ] [ reply ]
The CISSP replies
2002-03-16
Guy Unconvinced, TLA BFD EIEIO IMHO
Guy Unconvinced, TLA BFD EIEIO IMHO
The recurring point of the CISSPs who've responded seems to be that somehow, studying for and/or taking the test broadened their horizons. Second runnerup is that it's "unimportant" to have actual knowledge in depth as long as you know the buzzwords; "Why should a manager need to know the details" ...
[ more ] [ reply ]
[ more ] [ reply ]
Have you read the ISC2 Code of Ethics, Jon Boy?
2002-03-17
BFI
BFI
Objectives for guidance in the ISC2 Code of Ethics states the responsibility of the cert holder to "value the certificate". While compliance to this guideline is not mandatory, I think Jon Boy should fail the exam on the principle that he doesn't respect or value the designation as clearly seen in ...
[ more ] [ reply ]
[ more ] [ reply ]
CISSP - a (sometimes) necessary waste of time
2002-03-17
Anonymous
Anonymous
I've been in the security field for a couple of years now, and love it.
However, I'm sorely frustrated at the far too widespread incompetence by so many so called "experts" in the field. I've worked with several people that have such nice looking resumes - 10-20 years of "experience", manager of ...
[ more ] [ reply ]
However, I'm sorely frustrated at the far too widespread incompetence by so many so called "experts" in the field. I've worked with several people that have such nice looking resumes - 10-20 years of "experience", manager of ...
[ more ] [ reply ]
Certification epiphany?
2002-03-17
David Byrne, CISSP, MCSE, MCP+I
David Byrne, CISSP, MCSE, MCP+I
Hmmm... Certifications are general, not specific; theoretical, not practical? No. Say it ain't so.
Of course they are, and Jon Lasser obviously misses the whole point of a certification. With few exceptions (perhaps the CCIE), certifications are not intended to show aptitude for a specific subje...
[ more ] [ reply ]
Of course they are, and Jon Lasser obviously misses the whole point of a certification. With few exceptions (perhaps the CCIE), certifications are not intended to show aptitude for a specific subje...
[ more ] [ reply ]
A Certified Waste of Time
2002-03-18
Anonymous
Anonymous
I took the test with the articles' author in Vienna, VA on 3/9
Got the results this past Saturday in the mail...I passed!
Though the test covers a body of knowledge 50 miles wide and 2 inches deep, there was quite a bit that would be addressed in the everyday world - regardless if you work for...
[ more ] [ reply ]
Got the results this past Saturday in the mail...I passed!
Though the test covers a body of knowledge 50 miles wide and 2 inches deep, there was quite a bit that would be addressed in the everyday world - regardless if you work for...
[ more ] [ reply ]
A Student's View
2002-03-18
Frank Reid
Frank Reid
John,
For the last few weeks, you and I have been sitting in a CISSP prep class together. I've been spending over 7 hours a week in class and about as many at home studying for the CISSP because I believe it is a worthwhile discriminator in the field of information security. It says that I car...
[ more ] [ reply ]
For the last few weeks, you and I have been sitting in a CISSP prep class together. I've been spending over 7 hours a week in class and about as many at home studying for the CISSP because I believe it is a worthwhile discriminator in the field of information security. It says that I car...
[ more ] [ reply ]
CISSP is for Security Management
2002-03-18
Chris Shepherd
Chris Shepherd
The CISSP is not meant to be another technical excercise but is meant to ensure that a security professional truelly understands the fundamentals of business as it relates to the 10 areas. The knowledge to function within these areas takes years of training and experience and this test is meant to ...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Lack of Research Before Writing
2002-03-19
Anonymous
Anonymous
(ISC)2 offers TWO certifications. The most well-known is the CISSP which is for higher management level positions. This is what Jon admits to this test being good for. However, if he did more research, he would have realized that (ISC)2 offers a second test called the SSCP, or Systems Security ...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-19
Security Expert
Security Expert
Well everyone,
I happen to know about a dozen people who took and passed the CISSP with only a high level of experience in 1 maybe 2 of the CBK's. They all crammed for the test the night before using one of the newer study guides. Sorry, this is still a multiple choice exam and doesn't test any...
[ more ] [ reply ]
I happen to know about a dozen people who took and passed the CISSP with only a high level of experience in 1 maybe 2 of the CBK's. They all crammed for the test the night before using one of the newer study guides. Sorry, this is still a multiple choice exam and doesn't test any...
[ more ] [ reply ]
Beware Of Consultant LIke Jon Lasser
2002-03-19
Scott Sattler (5 replies)
Scott Sattler (5 replies)
It appears Mr. Lasser doesnt support standards from which to take a metric from.
Would you hire a consultant like Mr. Lasser with no certifications? How can you gauge his ability. He published an intro book to unix what qualification does that give you to use him for security consulting?
Also...
[ more ] [ reply ]
Would you hire a consultant like Mr. Lasser with no certifications? How can you gauge his ability. He published an intro book to unix what qualification does that give you to use him for security consulting?
Also...
[ more ] [ reply ]
Beware Of Consultant LIke Jon Lasser
2002-03-20
Not Impressed by a Sting of Certs (1 replies)
Not Impressed by a Sting of Certs (1 replies)
Seems to be that case that the more certs a guy has, the less experience (and therefore value) he has. I wish I had a dollar for every "certified" techie I've interviewed who couldn't answer any basic real world questions. Life is not a multiple choice test....
[ more ] [ reply ]
[ more ] [ reply ]
Beware Of Consultant LIke Jon Lasser
2002-03-20
Robert Banz, (this space for rent)
Robert Banz, (this space for rent)
I would not hire someone just on the presence of
certifications. I would hire someone, however, on the
basis of recommendations, experience (verified by
references), and a personal interview.
Certfications should be seen, like a college degree is seen
by most -- as a way to get your foot in ...
[ more ] [ reply ]
certifications. I would hire someone, however, on the
basis of recommendations, experience (verified by
references), and a personal interview.
Certfications should be seen, like a college degree is seen
by most -- as a way to get your foot in ...
[ more ] [ reply ]
Beware Of Consultant LIke Jon Lasser
2002-03-21
Mel
Mel
If you don't have enough knowledge in a field to judge a Consultants level of competence by iterviewing them yourself then the only reliable metric for judging them is reccomendations from past clients (preferably ones that you know and trust yourself or at least ones whose authenticity you can veri...
[ more ] [ reply ]
[ more ] [ reply ]
Beware Of Consultant LIke Jon Lasser
2002-04-03
Mike Rose (mbr@eclipse.net)
Mike Rose (mbr@eclipse.net)
In my experience people with certifications, especially lots of certs, are those without experience and, more importantly, skills in the field. This is changing somewhat with employer pressure for certs, but the simple fact is that certs are no indication of ability. In a previous job, none - zero...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Beware Of Consultant LIke Jon Lasser
2009-04-04
Anonymous
Anonymous
Hey Scott,
Certification are often made by companies and individuals to certify ppl like you and me. that we meet certain standards for their product. those who design certifications, have you ever met them and asked them who are they to consult others. No certification can beat practical experie...
[ more ] [ reply ]
Certification are often made by companies and individuals to certify ppl like you and me. that we meet certain standards for their product. those who design certifications, have you ever met them and asked them who are they to consult others. No certification can beat practical experie...
[ more ] [ reply ]
What does it measure?
2002-03-19
Anonymous
Anonymous
Mr. Lasser must have struck a nerve when he expressions his opinion of CISSP certification. Some of those who personally attacked Mr. Lasser showed here that their not qualified for management yet. Hope they don't actually hold CISSP certification, that would decrease it's value.
CISSP may incr...
[ more ] [ reply ]
CISSP may incr...
[ more ] [ reply ]
Lasser is both right, and wrong.
2002-03-20
Bill Schmidt, CISSP
Bill Schmidt, CISSP
The CISSP exam is a general exam, just as it is advertised. I suspect that few that pass the exam are experts in everything. However, the exam does prove that the person has a common body of knowledge. IS-Security touches nearly every aspect of Information Systems, and hopefully the person that p...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time - You mean the article right!
2002-03-20
Anonymous
Anonymous
The problem is there is a glut of certifications out in the world. If I spent my time getting all the ceritfications, I'd never get any work done or for that matter have and real-world hands on experience.
For Some time Sans has been bashing CISSP because they want the lion share of the market. ...
[ more ] [ reply ]
For Some time Sans has been bashing CISSP because they want the lion share of the market. ...
[ more ] [ reply ]
A Certified Waste of Time
2002-03-20
Anonymous CISSP
Anonymous CISSP
Just by passing Vendor specific certifications doesnt make one a security guru. As someone pointed out Security is not specific to a technology. This certification was not earned by anyone by just putting in couple of weeks of cramming. The exam required one to really understand all the domains and ...
[ more ] [ reply ]
[ more ] [ reply ]
Something to ponder
2002-03-20
jj
jj
Hello all,
As a future CISSP holder. I am in the process of studying for the exam now. I looked at all the posts and was really quite astonished at some of the remarks made by some people here. I AM going to take the CISSP test and pass, not because I think it looks great behind my name or bec...
[ more ] [ reply ]
As a future CISSP holder. I am in the process of studying for the exam now. I looked at all the posts and was really quite astonished at some of the remarks made by some people here. I AM going to take the CISSP test and pass, not because I think it looks great behind my name or bec...
[ more ] [ reply ]
Get a Life
2002-03-21
Anonymous
Anonymous
Anyone that seriously considers that a 250 question test can fully gague 10 domains and tell you that this person is qualified to do anything should take a second look. With the 'shotgun approach' they touch enough varied areas that a person has to know some of each domain in order to hope to pass...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-21
Jack
Jack
It's been a while since I've seen so many CISSP, CCIE, CNE, MCSE, ACE, CCSE, PHD types whining in one place. Obviously, the article touched a nerve. Lasser's observation was clear to me and doesn't seem offensive in the least. He points out that in many instances the CISSP is too generalized to be...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-21
Patric
Patric
What was your point? That Jon Lasser is immature and lacking integrity is the only factual thing that rings out loud and clear. I am surprised the magazine supports editors who lack ethics as Lasser clearly does.
Why not make a meaningful contribution to security instead of playing games with c...
[ more ] [ reply ]
Why not make a meaningful contribution to security instead of playing games with c...
[ more ] [ reply ]
Certificates
2002-03-21
Ernie
Ernie
A teacher is required to obtain a teaching certificate prior to teaching in a classroom. This does not make the person a teacher, but tells everyone that they have met a minimum requirement to teach. Only years of experience will provide the necessary skills to be a bonifide teacher. The same holds ...
[ more ] [ reply ]
[ more ] [ reply ]
Value
2002-03-22
Troy McCarty
Troy McCarty
Are you better than someone else just because you have a degree? Does going through the process of getting a degree have value? Does getting a degree prepare you for everything that you will need to do in life? The same arguments can be made for certifications. There is some value to certificati...
[ more ] [ reply ]
[ more ] [ reply ]
how about using some logic in your arguments?
2002-03-22
Anonymous
Anonymous
Why is it that nearly all of the attacks are attacks on Lasser and not what he wrote?
If he's wrong about something, readers like myself would like to know this. Infantile flames do not disprove any of the article, they only make your claims less credible.
I have not taken the CISSP, so I can...
[ more ] [ reply ]
If he's wrong about something, readers like myself would like to know this. Infantile flames do not disprove any of the article, they only make your claims less credible.
I have not taken the CISSP, so I can...
[ more ] [ reply ]
CISSP Behavior - Security Professional?
2002-03-23
Anonymous
No matters Jon is right or not, we can see lots of
so-called security professional argues without a point but
personal attacks.
This does not show whether the cert is useful or not,
but does show there are so many childish 'security
professional' in CISSP community already. What a JOKE
t...
[ more ] [ reply ]
Anonymous
No matters Jon is right or not, we can see lots of
so-called security professional argues without a point but
personal attacks.
This does not show whether the cert is useful or not,
but does show there are so many childish 'security
professional' in CISSP community already. What a JOKE
t...
[ more ] [ reply ]
there goes the brain
2002-03-24
Mr Morrow
Mr Morrow
I always suspected that the cissp where good for nothing !!
I asked one to actually set up ipsec once and he looked at me and said ye i know what that is , its a protocol for a vpn !!! only uses linux !!!! he was very happy and left !!
I also had a chat with a Mr Morron once the legal guy for them...
[ more ] [ reply ]
I asked one to actually set up ipsec once and he looked at me and said ye i know what that is , its a protocol for a vpn !!! only uses linux !!!! he was very happy and left !!
I also had a chat with a Mr Morron once the legal guy for them...
[ more ] [ reply ]
A Certified Waste of Time - keeping things in perspective
2002-03-25
Anonymous
Anonymous
I happen to agree with the author, to a certain degree, on his point of view. Yes, I have the certification in question (among others), but I don't feel the need to put it next to my signature to validate my ability- I personally can't stand when people do that. A certification should be pursued o...
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-25
Anonymous
Anonymous
Jon, Are not all exams in this industry a test of your cerebral retention?
You tell me the last exam you were allowed to take a book in to get the answer. It's about applying yourself. Yeah, the 10 domains are broad, but I really have expanded my security horizons and hope to use this to further ...
[ more ] [ reply ]
You tell me the last exam you were allowed to take a book in to get the answer. It's about applying yourself. Yeah, the 10 domains are broad, but I really have expanded my security horizons and hope to use this to further ...
[ more ] [ reply ]
SANS?! GIMME A BREAK!
2002-03-25
Anonymous (1 replies)
Anonymous (1 replies)
Whoever is recommending SANS for their so-called certification is merely wasting their money. SANS wants to be al things to all people as the center of the security universe. Their certification is worthless....
[ more ] [ reply ]
[ more ] [ reply ]
A Certified Waste of Time
2002-03-25
Anonymous
Anonymous
It takes a pretty arrogant person to post to the world the fact that he thinks that a test is too easy, or worthless, BEFORE getting the results back!
Imagine the embarrassment if he fails...but to an ego-maniac, he'll just not talk about it anymore.
Also, IF he does pass, the ISC^2 could revo...
[ more ] [ reply ]
Imagine the embarrassment if he fails...but to an ego-maniac, he'll just not talk about it anymore.
Also, IF he does pass, the ISC^2 could revo...
[ more ] [ reply ]
What about SCNP??
2002-03-26
Anonymous
I read the article and it doesnt make much sense for me that the author just noticed that CISSP is broad taking it. This is clear in their site. Anyway, now even Microsoft wont give us the score anymore and taking their exame candidates agree not to talk about questions as well. So there is nothin...
[ more ] [ reply ]
Anonymous
I read the article and it doesnt make much sense for me that the author just noticed that CISSP is broad taking it. This is clear in their site. Anyway, now even Microsoft wont give us the score anymore and taking their exame candidates agree not to talk about questions as well. So there is nothin...
[ more ] [ reply ]
Remember the P in CISSP
2002-03-26
Robert Kerby, CISSP
Robert Kerby, CISSP
I'm really sorry to see all the negative remarks and name calling in both this article and the responses to the article. Certifications are a neccessary if imperfect way to show that someone has not only taken a class or read a book but actually retained at least a certain percentage of the informat...
[ more ] [ reply ]
[ more ] [ reply ]
The top domain is english.
2002-03-27
Anonymous (1 replies)
Anonymous (1 replies)
Because I'm not an english nativ speaker, the hardest task is the english language.
On every third questin I have to ask me:
"what the hell is the difference between answer b or answer c....hmmm, sounds like it's the same....but there must be a difference, I know the answer, but I don't understan...
[ more ] [ reply ]
On every third questin I have to ask me:
"what the hell is the difference between answer b or answer c....hmmm, sounds like it's the same....but there must be a difference, I know the answer, but I don't understan...
[ more ] [ reply ]
It's Too Early.
2002-03-31
Colin Rous (emphatically NOT a CISSP)
Colin Rous (emphatically NOT a CISSP)
I've been in this business for a long time. Donn Parker and Bill Murray outrank me, but that's about it. I was around when CISSP certification was first being discussed. In a discussion at a security SIG group meeting with one of the proponents of the proposed CISSP, I asked him whether or not th...
[ more ] [ reply ]
[ more ] [ reply ]
Balance? Honesty? What's really best for the profession?
2002-04-01
David G.
David G.
I must say that I was disappointed by this article. I feel it's going along a path that does not serve the profession well. I also wish that I could say the tone of many of the replies surprised me. But they didn't. They also don't help the cause.
I respect Jon for his contributions. But I w...
[ more ] [ reply ]
I respect Jon for his contributions. But I w...
[ more ] [ reply ]
My Response
2002-04-02
Jon Lasser (2 replies)
Jon Lasser (2 replies)
A number of readers, mostly anonymous, have accused me of ethical impropriety, claiming that a relationship with SANS has biased me against the CISSP, and that I stand to profit from my supposed denigration of the certification. I take allegations of ethical impropriety quite seriously, so I'd like ...
[ more ] [ reply ]
[ more ] [ reply ]
My Response
2002-04-03
Not Really Anonymous
Not Really Anonymous
Hey,
Thats great and everything, Im glad you cleared up the whole SANS thing.
Since you had to fill in the bubbles and felt that certain questions were _funny_, what do you suggest an overall security certification test would be like?
I think the article would have been more interesting, if...
[ more ] [ reply ]
Thats great and everything, Im glad you cleared up the whole SANS thing.
Since you had to fill in the bubbles and felt that certain questions were _funny_, what do you suggest an overall security certification test would be like?
I think the article would have been more interesting, if...
[ more ] [ reply ]
(ISC)2 vs ethics
2002-04-06
Anonymous
Anonymous
I just finished a week a an (ISC)2 "CISSP Review Seminar" for which they charge more than twice what some other CISSP training courses cost. I was hoping that "you get what you pay for" applied in the upward direction as well as downward and was sorely disappointed.
The instructors didn't do muc...
[ more ] [ reply ]
The instructors didn't do muc...
[ more ] [ reply ]
A Certified Waste of Time
2006-11-08
Paul S. Vincent (1 replies)
Paul S. Vincent (1 replies)
I am always interested in the certification debate and peoples perceptions of different certs.
Although I agree with many of the negative points people accuse these certs of failing on, I feel they do indicate some level of knowledge.
I took my CISSP 3 days ago, and currently hold Windows 2000...
[ more ] [ reply ]
Although I agree with many of the negative points people accuse these certs of failing on, I feel they do indicate some level of knowledge.
I took my CISSP 3 days ago, and currently hold Windows 2000...
[ more ] [ reply ]
Re: A Certified Waste of Time
2007-01-07
Paul Henry CISSP
Paul Henry CISSP
Well I guess it is not as much of a "certified waste of time" as he originally thought ... apparently even an expired CISSP certification has enough value to be listed as the first among his education credentials on his current resume
http://www.tux.org/~lasser/resume.html
Paul A. Henry CISSP ...
[ more ] [ reply ]
http://www.tux.org/~lasser/resume.html
Paul A. Henry CISSP ...
[ more ] [ reply ]
Don't Take This Author Seriously
2007-05-20
Anonymous
Anonymous
Or the comments for that matter. It's obvious that Lasser doesn't understand business and even his technical knowledge is limited. Talk is cheap and it's been popular to bash certifications, degrees, and other accomplishments for years. The CISSP is what it is, a respectable certification that cover...
[ more ] [ reply ]
[ more ] [ reply ]
Poor guy!
2007-08-09
Anonymous
Anonymous
He went and wrote the exam under the impression that he will get a job of Firewall Engineer or Penetration tester! He never done the ground study on what is the objective of this certification! Uh, if he was lucky enough to pass, he might be in a role where these firewall engineers and penetration t...
[ more ] [ reply ]
[ more ] [ reply ]
"...a very broad, but very shallow, overview of computer security..."
(ISC^2) indicates very clearly that the CISSP exam is about Information Security,
not computer security; the two areas do overlap a bit, but not as much as you
think. In fact, you quote (ISC^2) as saying
"....
[ more ] [ reply ]