Anyone here a CISSP?

[SephStorm]

They accept some related experience as long as there is some security component to the job, like system administration for example, but yes, its true that they also have a minimum experience requirement.

I think that point is actually in the certifications favour (it means that the cert holder has had some hands on experience and hasnt just passed the exam right out of a certification mill), and I do meet the requirement, but regardless Im still not going to get a CISSP.

I don't like this, while I'll agree that it is a good idea, it doesn't take anything else into account, whether it be a bad economy, or someone whose just getting into a field.

Now with the CISSP in particular it makes sense, you need experience to logically perform the tasks of a CISSP, but I would not like this to be the case for other certifications. For me, when I pursue a certification, I am learning new things, not just confirming previously held knowledge. When I study for CCENT like I am currently, it is my first time working with Cisco products (excluding the requisite Linksys products). Like Lupin said, he has the knowledge and ability, he doesn't need the certification.

@theprez

Do most employers even recognize Associate of ISC? I had to consider that when I was looking at SSCP.

[lupin]

I'm actually a OSSTMM trainer now.

Cool.

I've also been looking at doing my GWAPT (which replaced GWAS)...I had hoped for this year but in reality it seems like it's gonna wait till next year

Yeah, me doing the course this year will be heavily dependent on available funding. I'm waiting for it to be available on OnDemand, as this will be slightly cheaper than going to SANS Sydney 2009 (and it being slightly cheaper will make it more likely that I'll get to do it)

I don't like this, while I'll agree that it is a good idea, it doesn't take anything else into account, whether it be a bad economy, or someone whose just getting into a field.

Yes, its a little unpopular, but as you mentioned its good for the certification (witness how the MCSE was devalued because of all the certification holders who couldn't even perform basic Windows admin tasks).

[SephStorm]

Yes, its a little unpopular, but as you mentioned its good for the certification (witness how the MCSE was devalued because of all the certification holders who couldn't even perform basic Windows admin tasks).

i've heard of this but how is that even possible? I mean its like 20 exams (exaggeration). And why would someone try to get a job as an IT Engineer with no experience? Just makes no sense to me.

[IAMZOMBIE]

i've heard of this but how is that even possible? I mean its like 20 exams (exaggeration). And why would someone try to get a job as an IT Engineer with no experience? Just makes no sense to me.

It was a different era 10 years ago.
On the radio all you heard were 'get rich quick, become a systems engineer' commercials.
I have a MCSE in NT4 and 2000 from back then, but I stopped certs all together when my manager at the time who couldn't even tell you what dhcp is got his mcse from a bootcamp. He said they feed him the actual questions for 10 hours and then he would take the test over and over until he passed. With an instructor 'watching' if necessary. I spent 13 months on the NT4 one and 11 months on the 2000 one. I was pissed.

IMO, we need something like the CPA that accountants have. An exam you take ONCE, and then just maintain with CPE.

Another thing that got to me is at one time I have 4 high level certs and then I realized, how the hell am I going to re-certify? I would have to recertify 1 exam a year. That with work = stagnation and no life.

[lupin]

i've heard of this but how is that even possible? I mean its like 20 exams (exaggeration). And why would someone try to get a job as an IT Engineer with no experience? Just makes no sense to me.

There's braindumps out there for Microsoft exams, so if you have access to these and a good memory, you can pass many of the tests without knowing much. Also a lot of the knowledge required for the tests is kind of theoretical and forgotten quickly unless you use it regularly. I have an MSCA + Security, which I completed last year, and I know I have forgotten a healthy chunk of the stuff I learned that I haven't used since, even though I understood it well at the time of the exam.

And lots of people try to get jobs that they aren't qualified for - its not just a problem in the IT field.

I only really got this Microsoft certification because it was a requirement for my Masters degree, I didn't get it out of an expectation that it would help me get a better job. The Microsoft certs don't have a good enough reputation to make it worth the effort you have to put in to getting one (your estimate of 20 tests was only a slight exaggeration, I think it takes about 8 or 9 tests to get a Server 2003 MCSE)

[SephStorm]

I think it's sad, a few bad apples in years gone by make it harder for those of us up and comming to get on a level playing field.

[Gitsnik]

I think it's sad, a few bad apples in years gone by make it harder for those of us up and comming to get on a level playing field.

"Few" hardly covers the numbers of MCSE's out there who were pumped out of the certification mills.

I've met a few CISSP's in my runs around the security industry, and have thus decided NOT to get mine anytime soon based on the majority of their knowledge (there are some - mostly whom I have never met - who go against the grain, but so far those in Australia have not instilled much faith in me). Not necessarily pertinent to the thread, but I thought I should contribute a bit after the MCSE thing.

[chrisgriffin]

Hi Thorin, Are you in the states.. or Canada?
Just curious, im a trainer too!

@ lupin

I'm actually a OSSTMM trainer now. When I joined the company I'm currently with I did both the full OPST (with the company I'm currently at) and OPSA (with Pete Herzog himself). I was pretty happy with them. ISECOM's certs are very popular in Europe and Mexico but gaining ground in North America. For the OPST we usually do a full week (5d) course with the exam on the 5th day.

I've also been looking at doing my GWAPT (which replaced GWAS)...I had hoped for this year but in reality it seems like it's gonna wait till next year

[godcronos]

Lupin: " witness how the MCSE was devalued because of all the certification holders who couldn't even perform basic Windows admin tasks"

- I don't understand how these people passed exams. I am currently studying for an MCSE. I am done with the networking part and am learning the Exchange 2003 server. It's time consuming, since I got a full time job and run a small computer business. Yes, there are a lot of exams, it's pretty crazy. Personally I can't wait to end this cert and go on with something in the security field.
We all have jobs because of Microsoft, no matter if you administer a Windows environment, or do pentesting.
I am pretty sure it's not devalued, at least I hope it's not. I still see ads and some pretty good salaries out these for system engineers( 50k-55k with no experience to 65K with experience, certified, now that's not bad at all). Well, that's what they offer in S. Cali .
I think cheap employers and stupid HR people devalue it.

[Lincoln]

- I don't understand how these people passed exams. I am currently studying for an MCSE. I am done with the networking part and am learning the Exchange 2003 server. It's time consuming, since I got a full time job and run a small computer business. Yes, there are a lot of exams, it's pretty crazy. Personally I can't wait to end this cert and go on with something in the security field.
We all have jobs because of Microsoft, no matter if you administer a Windows environment, or do pentesting.
I am pretty sure it's not devalued, at least I hope it's not. I still see ads and some pretty good salaries out these for system engineers( 50k-55k with no experience to 65K with experience, certified, now that's not bad at all). Well, that's what they offer in S. Cali .
I think cheap employers and stupid HR people devalue it.

Passing the exam isn't the hard part, it's actually knowing the material.