From: keith tokash (ktokash@hotmail.com)
Date: Thu Feb 21 2008 - 23:43:42 ARST
I've got that dumb cert. In fact I let it expire and re-cert'd. Why?
Because if I had to put a number on it, I'd say that it added about 10k to my
yearly salary. Geeks laugh at it, and they should if it's presented as
anything technical, but MBA types love that thing, and they're the ones
stamping yes or no on your salary counter-offer (know you enemy :) ).
I consider it the bare minimum for anyone working in security. If you want to
secure my application, you should know what business continuity means. Not in
great detail, but enough to not smile and nod if it comes up. Bare minimum,
that's all. ISC2 feels differently, or they wouldn't keep raising the
experience requirements for sitting for the exam in a futile attempt to stave
off the bootcamps that can get a candidate through the exam in a week of
cramming.
If the test can be passed in less than a month, it's crap. Or at the least
entry-level. To paraphrase a similar philosophical discussion regarding the
GED, "Let me get this straight. You can make up four years of high school ...
in two hours." -- Chris Rock
So my recommendation - if you're going to consult, get the cert. Eventually
someone you run into is going to list it as a requirement, or a "plus", and
it's easy to get. BTW, they charge something like $80/year for ... something.
Not sure, might be a union racket or something, next time I'm in Chi-town I'll
ask around for ISC2 guys pouring $300 bottles of champagne on 20 year old
girls.
With a few exceptions, secrecy is deeply incompatible with democracy and with
science.
--Carl Sagan
> To: joe@affirmedsystems.com
> CC: ccielab@groupstudy.com
> Subject: Re: Moving away from Cisco
> Date: Thu, 21 Feb 2008 07:47:45 +0000
> From: gary.duncanson@googlemail.com
>
> I agree that many CISSP holders wouldn't know how to start hardening a
> network. Like you point out it's not primarily technical (or vendor
> specific) like for example the CCIE Security and seemed to attempt to fill a
> space years after networks have been exploited in a multitude of different
> ways with an increasing multitude of attacks and mitigation methods
> constantly emerging. Perhaps it would be futile for the CISSP (or any
> certificate for that matter to attempt to keep up with all that), so it
> tries to cover 'domains' without being too deep to provide reference points.
> To what extent it does that well is debatable.
>
> The CISSP has been one of those things on my backburner for a while now. I
> can never seem to find enough reasons to do it. Im still debating if I
> should put the time in to pass what by many accounts is a 'silly exam'.
> Perhaps I might learn something, who knows. There are people who believe it
> is a bu11sh1t certification but then it isn't supposed to be technical is
> it? More a tick box for the management types who like to see a certification
> for everything. At least that's what I have heard from people who have the
> cert. And yes a lot of people have the cert who don't have the necessary
> experience...A mile wide and an inch deep is a phrase I hear a lot about the
> CISSP.
>
>
> ----- Original Message -----
> From: "Joseph Brunner" <joe@affirmedsystems.com>
> To: "'Lab Dude'" <ccielabdude@gmail.com>; "'Alan Chng'"
<ccieteam@gmail.com>
> Cc: <ccielab@groupstudy.com>
> Sent: Wednesday, February 20, 2008 4:26 PM
> Subject: RE: Moving away from Cisco
>
>
> >I think the CISSP (ISC2) is utterly useless. Several of my CCNA students
> > have been active CISSP's. Their knowledge of even basic acl's, storm
> > control
> > techniques, attack mitigation methods and other such issues is simply not
> > there. Worse, even things like "alice and bob", why we have asymmetric
key
> > encryption, key escrow systems, and basic theory surrounding the nist/aes
> > selection criteria that led to rijndael besting other ciphers was either
> > not
> > tested on the CISSP, or not presented in a meaningful way to allow the
> > candidate to learn how to apply the theory to the real world practice. I
> > made it a point of getting as much information from them as possible. I
> > can
> > say the cert has no practical, theoretical or logical use in a modern
> > security marketplace.
> >
> > I need a firewall, two-form factor authentication, and 1 class "ABC"
rated
> > dry fire extinguisher for every 450 square feet of data center space... I
> > need a cert to tell me that?
> >
> > The more CISSP's I meet the more confident I feel the CCIE Security is
the
> > excaliber. Why swing an inferior sword in battle?
> >
> > The CISSP was obviously created to give non-technical folks the ability
to
> > get billing rates for EY and other Brooks brother's catalog body shops
who
> > fill my clients conference rooms with paper boxes and force me to teach
> > them
> > how to put a wpa key into windows.
> >
> > Nuff' said.
> >
> > -Joe
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Lab
> > Dude
> > Sent: Wednesday, February 20, 2008 8:53 AM
> > To: Alan Chng
> > Cc: ccielab@groupstudy.com
> > Subject: Re: Moving away from Cisco
> >
> > Hi Alan,
> >
> > I personally think that as a Network Support
> > Engineer/Consultant/Architect/Designer one needs to have a diversified
> > portfolio. By that I mean being familiar with a variety of different
> > vendors
> > products and technologies in order to be successful at what you do,
> > assuming
> > you don't only work with a single vendor equipment/technology all the
time
> > at your day job. I personally wouldn't want to put all my eggs in one
> > basket, unless I work for a particular vendor and have no choice but to
> > pursue that vendor's products/technology :-)
> >
> > Lets face it, Cisco is the leading vendor at this time when it comes to
> > Data
> > Networking (Enterprise and SP space both) with Juniper as the next major
> > competitor. Working towards CCIE is great, and I personally think that
one
> > needs to have at least CCIE R&S along with 5-6 years of hands-on
> > experience
> > with Cisco kit. I think CCIE R&S gives you a good solid exposure to core
> > Cisco technologies. If you feel that you work more with other aspects of
> > Cisco (like SP, Security, Voice etc) on a day to day basis, then either
> > one
> > of those CCIEs would be a good option to pursue after you get your CCIE
> > R&S.
> > I personally don't recommend getting more than 2 CCIEs (at max) unless
you
> > plan to work at Cisco TAC, or as a NCE/SE at Cisco. Most large
> > organizations
> > are multi-vendor these days and usually prefer candidates who have had
> > exposure to different vendor kit with the ability to think outside the
box
> > :-)
> >
> > In the SP and Enterprise space, Juniper is the leading competitor of
> > Cisco.
> > Hence, if you plan to target SP or Enterprise space (which is where most
> > networking folks are focused at currently), I would get some form of
> > Juniper
> > certification (along with some hands-on experience) to back it up along
> > with
> > a CCIE R&S. This would help increase your marketability. From a potential
> > employers perspective, 2x CCIE might be better than 1xCCIE R&S and some
> > other vendor certification (for instance Juniper) along with some
hands-on
> > experience of both vendors to back it up. Theres no point in getting
> > multiple certifications without any real hands-on experience with the
> > particular vendor kit. Its almost as good as not having the
certification.
> >
> > If you are focusing on Security space, after getting your CCIE R&S, maybe
> > you might want to focus on getting CCSP first, then CCIE Security. Once
> > you
> > have achieved CCIE Security (or are working towards it), you might want
to
> > consider other Security certifications like CISSP (ISC2) or some Check
> > Point
> > stuff (like CCSA or CCSE).
> >
> > These days Wireless/WiMax is hot too. Might be worth exploring options in
> > that area, if you want to diverge from Cisco/Juniper.
> >
> > Going for other vendors like Alcatel, Lucent, Siemens, Tellabs, Ericsson
> > might be good, but I would explore the job market for folks with that
> > vendors technology in isolation, and check out the salary range and
skills
> > demand etc. There is no point in focusing on *a* particular vendor in an
> > attempt to shy away from Cisco/Juniper, just to find out that you are
> > limiting your job scope, and future job/growth prospects.
> >
> > My two cents.
> >
> >
> >
> > On Feb 20, 2008 12:23 PM, Alan Chng <ccieteam@gmail.com> wrote:
> >
> >> Fellow experts,
> >>
> >>
> >> Considering the amount of time and 'sacrifice' made to achieve
> >> the
> >> CCIE and make our mark in the networking field, would anyone here
> >> contemplate on moving to a role supporting another vendor (e.g. Alcatel,
> >> Tellabs, Ericsson) ??. I'm referring to a role which requires in-house
> >> training to learn the intricacies, proprietary protocols and CLI of the
> >> vendor and be completely "isolated" from the Cisco world. I'm
discounting
> >> Juniper since I tend to see them in the same market segment.
> >>
> >> Would anyone do it? And if so, what would be the factor? Better
> >> opportunity?
> >> Less competition? Another challenge?
> >>
> >> I find the switchover challenging as I believe a lot of us started the
> >> CCIE
> >> journey more as a hobby and through the course of the time and developed
> >> a
> >> familiarity to the IOS, not to mention the resources, information,
> >> forums/communities that are widely available today.
> >>
> >>
> >> Any opinions will be much appreciated
> >>
> >> Regards,
> >> Alan
> >> CCNP/IP/SP, R&S due in May
>
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:49 ARST