I've been following this argument for the past two weeks and I agree
with what Paul iterates. Certification is for those who are clueless.
Anybody can pass a test, multiple-guess exams from my college days
prove this. The question is, can those who are *certified* apply the
knowledge? Myself, I don't give brass farthing on being *certified*,
rather my, and other esteemed readers of this list, actions speak
louder than any certificate or diploma.
Anyway, that's my 2 cents worth, flame away!(or is that FLAME ON!)
Defense Distribution Center
New Cumberland, PA
email: dkeller @
______________________________ Reply Separator _________________________________
Subject: Re: Use the CISSP, Luke (was Re: Certifiying Security Audito
Author: "Paul D. Robertson" <proberts @
net> at internet01
Date: 2/19/98 7:18 PM
On Wed, 18 Feb 1998, Anton J Aylward wrote:
> But what gets me is that you're crying out for something
> positive, and when other people do offer something positive,
> not perfect, because this isn't a perfect world, but a start,
> and something better than what went before, rather than
> investigate, you condemn. Not only that, but you cast
I'm not sure that I buy this predicate. It would seem to me that
there is a strong vector of argument that says that certification *isn't*
"better than what went before". In _some_ cases it may be better, in
others it may be *worse*. I think we can all drudge up examples of
people with certifications and a complete lack of clue. If certification
programs perpetuate that state of events, then perhaps we actually are
better off without them, or as Bennett suggests, using them as negative
Let's examine this from another angle, and see why we're at where we
are. What exactly would drive someone like myself or Bennett to take
such a course? If you have Information Security Professionals who have
no interest in the certification process, then I think you're missing
more than you're gaining.
I've made the transition from a mainframe environment to a multi-platform
one. The only people I've seen actively looking to take the CISSP are
folks who were unable to transition effectively and needed paper proof
that they could. I have no doubt that there are folks with a CISSP who
know what they're doing, but there are enough of the other kind, and the
parroting sort to make it less than useful as a metric.
> And I thought this wasn't USENET. It seems I was mistaken.
muc.lists.firewalls if the gateway ever got fixed ;)
Paul D. Robertson "My statements in this message are personal opinions
net which may have no basis whatsoever in fact."