From: Gary Duncanson (gary.duncanson@googlemail.com)
Date: Thu Feb 21 2008 - 05:47:45 ARST
I agree that many CISSP holders wouldn't know how to start hardening a
network. Like you point out it's not primarily technical (or vendor
specific) like for example the CCIE Security and seemed to attempt to fill a
space years after networks have been exploited in a multitude of different
ways with an increasing multitude of attacks and mitigation methods
constantly emerging. Perhaps it would be futile for the CISSP (or any
certificate for that matter to attempt to keep up with all that), so it
tries to cover 'domains' without being too deep to provide reference points.
To what extent it does that well is debatable.
The CISSP has been one of those things on my backburner for a while now. I
can never seem to find enough reasons to do it. Im still debating if I
should put the time in to pass what by many accounts is a 'silly exam'.
Perhaps I might learn something, who knows. There are people who believe it
is a bu11sh1t certification but then it isn't supposed to be technical is
it? More a tick box for the management types who like to see a certification
for everything. At least that's what I have heard from people who have the
cert. And yes a lot of people have the cert who don't have the necessary
experience...A mile wide and an inch deep is a phrase I hear a lot about the
CISSP.
----- Original Message -----
From: "Joseph Brunner" <joe@affirmedsystems.com>
To: "'Lab Dude'" <ccielabdude@gmail.com>; "'Alan Chng'" <ccieteam@gmail.com>
Cc: <ccielab@groupstudy.com>
Sent: Wednesday, February 20, 2008 4:26 PM
Subject: RE: Moving away from Cisco
>I think the CISSP (ISC2) is utterly useless. Several of my CCNA students
> have been active CISSP's. Their knowledge of even basic acl's, storm
> control
> techniques, attack mitigation methods and other such issues is simply not
> there. Worse, even things like "alice and bob", why we have asymmetric key
> encryption, key escrow systems, and basic theory surrounding the nist/aes
> selection criteria that led to rijndael besting other ciphers was either
> not
> tested on the CISSP, or not presented in a meaningful way to allow the
> candidate to learn how to apply the theory to the real world practice. I
> made it a point of getting as much information from them as possible. I
> can
> say the cert has no practical, theoretical or logical use in a modern
> security marketplace.
>
> I need a firewall, two-form factor authentication, and 1 class "ABC" rated
> dry fire extinguisher for every 450 square feet of data center space... I
> need a cert to tell me that?
>
> The more CISSP's I meet the more confident I feel the CCIE Security is the
> excaliber. Why swing an inferior sword in battle?
>
> The CISSP was obviously created to give non-technical folks the ability to
> get billing rates for EY and other Brooks brother's catalog body shops who
> fill my clients conference rooms with paper boxes and force me to teach
> them
> how to put a wpa key into windows.
>
> Nuff' said.
>
> -Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Lab
> Dude
> Sent: Wednesday, February 20, 2008 8:53 AM
> To: Alan Chng
> Cc: ccielab@groupstudy.com
> Subject: Re: Moving away from Cisco
>
> Hi Alan,
>
> I personally think that as a Network Support
> Engineer/Consultant/Architect/Designer one needs to have a diversified
> portfolio. By that I mean being familiar with a variety of different
> vendors
> products and technologies in order to be successful at what you do,
> assuming
> you don't only work with a single vendor equipment/technology all the time
> at your day job. I personally wouldn't want to put all my eggs in one
> basket, unless I work for a particular vendor and have no choice but to
> pursue that vendor's products/technology :-)
>
> Lets face it, Cisco is the leading vendor at this time when it comes to
> Data
> Networking (Enterprise and SP space both) with Juniper as the next major
> competitor. Working towards CCIE is great, and I personally think that one
> needs to have at least CCIE R&S along with 5-6 years of hands-on
> experience
> with Cisco kit. I think CCIE R&S gives you a good solid exposure to core
> Cisco technologies. If you feel that you work more with other aspects of
> Cisco (like SP, Security, Voice etc) on a day to day basis, then either
> one
> of those CCIEs would be a good option to pursue after you get your CCIE
> R&S.
> I personally don't recommend getting more than 2 CCIEs (at max) unless you
> plan to work at Cisco TAC, or as a NCE/SE at Cisco. Most large
> organizations
> are multi-vendor these days and usually prefer candidates who have had
> exposure to different vendor kit with the ability to think outside the box
> :-)
>
> In the SP and Enterprise space, Juniper is the leading competitor of
> Cisco.
> Hence, if you plan to target SP or Enterprise space (which is where most
> networking folks are focused at currently), I would get some form of
> Juniper
> certification (along with some hands-on experience) to back it up along
> with
> a CCIE R&S. This would help increase your marketability. From a potential
> employers perspective, 2x CCIE might be better than 1xCCIE R&S and some
> other vendor certification (for instance Juniper) along with some hands-on
> experience of both vendors to back it up. Theres no point in getting
> multiple certifications without any real hands-on experience with the
> particular vendor kit. Its almost as good as not having the certification.
>
> If you are focusing on Security space, after getting your CCIE R&S, maybe
> you might want to focus on getting CCSP first, then CCIE Security. Once
> you
> have achieved CCIE Security (or are working towards it), you might want to
> consider other Security certifications like CISSP (ISC2) or some Check
> Point
> stuff (like CCSA or CCSE).
>
> These days Wireless/WiMax is hot too. Might be worth exploring options in
> that area, if you want to diverge from Cisco/Juniper.
>
> Going for other vendors like Alcatel, Lucent, Siemens, Tellabs, Ericsson
> might be good, but I would explore the job market for folks with that
> vendors technology in isolation, and check out the salary range and skills
> demand etc. There is no point in focusing on *a* particular vendor in an
> attempt to shy away from Cisco/Juniper, just to find out that you are
> limiting your job scope, and future job/growth prospects.
>
> My two cents.
>
>
>
> On Feb 20, 2008 12:23 PM, Alan Chng <ccieteam@gmail.com> wrote:
>
>> Fellow experts,
>>
>>
>> Considering the amount of time and 'sacrifice' made to achieve
>> the
>> CCIE and make our mark in the networking field, would anyone here
>> contemplate on moving to a role supporting another vendor (e.g. Alcatel,
>> Tellabs, Ericsson) ??. I'm referring to a role which requires in-house
>> training to learn the intricacies, proprietary protocols and CLI of the
>> vendor and be completely "isolated" from the Cisco world. I'm discounting
>> Juniper since I tend to see them in the same market segment.
>>
>> Would anyone do it? And if so, what would be the factor? Better
>> opportunity?
>> Less competition? Another challenge?
>>
>> I find the switchover challenging as I believe a lot of us started the
>> CCIE
>> journey more as a hobby and through the course of the time and developed
>> a
>> familiarity to the IOS, not to mention the resources, information,
>> forums/communities that are widely available today.
>>
>>
>> Any opinions will be much appreciated
>>
>> Regards,
>> Alan
>> CCNP/IP/SP, R&S due in May
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:49 ARST