Good post! Still, companies are hiring CISSP's and they think they're getting at least five years of experience in infosec with it. Many people are SEVERELY padding their experience and are not full time infosec people, certainly not for five years...

I know people who crammed the CISSP from books in three or four WEEKS!!! They have no clue. While it is true that DR and policy is great and that there needs to be an overall understanding of the 'big picture' or what you rightfully called the need to 'come up for air' there also needs to be some understanding of the technical, and some hands on experience. Managers want the impossile in silly amounts of time. How else would they ask you to do things that take days in the best scenario in a few hours? They do that because they THINK they know about it be caus they READ it somewhere. They never did it, stayed up for a half a week at at time in the server room with a cot for a bed...


It's kinda like when the military academy 'officers' come to a war zone and get to tell the real soldiers who actually get shot at for a living what to do, based on all kinds of fancy theories they learned in college...


Yeah, the CISSP has its place, but the problem is that companies mistake it for experience and ability, not just a big picture understanding...

GS

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/67/11384#11384