From: Colin McNamara (Colin@2cups.com)
Date: Tue May 06 2008 - 13:31:48 ART
While the security CCIE is an outstanding certification, by design it is
focused on configuring devices to secure assets and mitigate network
based attacks.
This is a critical piece of a companies security strategy, but by itself
it is only one piece of an effective security program.
For example, you firewall can be rock solid, you IDS's tuned perfectly,
your NOC staffed with Security CCIE's. But if you don't have the right
processes and controls in place, your janitor could walk out with your
backup tapes. Or, your documented controls may not be up to snuff and
you may get hit on an audit, pushing out a critical b2b integration.
These type of issues are outside of the scope of the Security CCIE, but
well within the scope of the CISSP.
And, one thing to keep in mind. Check the latest salary surveys. Last
time I checked the CISSP was worth about a 10k bump in salary. That
doesn't sound worthless to me.
-- Colin McNamara (858)208-8105 CCIE #18233,RHCE,GCIH http://www.colinmcnamara.com http://www.linkedin.com/in/colinmcnamara"The difficult we do immediately, the impossible just takes a little longer"
Cisco Nuts wrote: > CISSP is a worthless certification !!! > > It is nothing but a theory exam that tests if you have "memorized" the > answers !! > > No practical real world usage for it !! > > It is only for folks who have tried the CCIE/CCSP and failed !! > > Yes, that is the fact...!! > > > My Boss who is a CISSP cannot differentiate b/w a FW/IDS or a VPN - > talk about it !! > > CCIE-Security is one true cert for Security..... > > > > > > Date: Tue, 6 May 2008 08:59:29 -0700 > > From: Colin@2cups.com > > To: joe@affirmedsystems.com > > CC: dale.shaw@gmail.com; ccielab@groupstudy.com > > Subject: Re: How to Become a CCIE v2 > > > > I second Joseph here. I work with some AMAZING security professionals, > > that just HAPPEN to have their CISSP certification. > > I also have met people that have absolutely no practical security > > (attack mitigation, incident response, forensics) knowledge at all, who > > maintain their CISSP. > > > > The CISSP in itself is very high level and theoretical. This maps into > > the core process and compliance issues that many security professionals > > have to deal with today. > > What it is not is an exam based around skills, like GIAC series or CEH. > > > > -- > > Colin McNamara > > (858)208-8105 > > CCIE #18233,RHCE,GCIH > > http://www.colinmcnamara.com > > http://www.linkedin.com/in/colinmcnamara > > > > "The difficult we do immediately, the impossible just takes a little > longer" > > > > > > Joseph Brunner wrote: > > >> Perhaps Cisco could consider a system like CISSP > > >> > > > > > > Um, no thanks... > > > I work with several CISSP's. They have almost ZERO practical security > > > knowledge... > > > > > > Just last Friday I had to teach one of these endorsed "professionals" > > > The pix, subnetting, writing ACL's, etc, why we do nonat's, etc. > > > > > > What good is a certification if does not give you any > training/knowledge > > > that allows you to do anything in the real world? > > > > > > The CISSP has become so devalued because it's a life raft for > non-technical > > > people who want to work in IT. > > > > > > Anyone who has a good working relationship with their boss can be > > > endorsed... My old boss would have endorsed me robbing a liquor > store if I > > > promised him an ecstasy tab and a night with my girlfriend... does > this make > > > his endorsement valuable? > > > > > > -Joe > > > (Back on dagobah/rtp in July for a REAL security test ;) > > > > > > > > > > > > -----Original Message----- > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On > Behalf Of Dale > > > Shaw > > > Sent: Tuesday, May 06, 2008 1:27 AM > > > To: ccielab@groupstudy.com > > > Subject: Re: How to Become a CCIE v2 > > > > > > Irrespective of how hard or not the CCIE lab is, I agree with one key > > > point that the original poster made: > > > > > > Just like every other vendor certification, there is no way for a > > > prospective employer, or anyone for that matter, to differentiate > > > between someone who has years and years of practical experience and > > > blitzed the lab first go, and someone with relatively limited > > > experience but who brute-forced their way through. > > > > > > The end result is "CCIE", not "CCIE (passed first go)" or "CCIE > > > (passed on the 5th attempt)". In my opinion, despite the practical > > > nature of the lab, it is still possible to be a "paper CCIE". > > > > > > To use the fruit comparison analogy in a different way: comparing > > > CCIEs can indeed be like comparing apples and oranges! -- some are > > > good, some are bad. > > > > > > Perhaps Cisco could consider a system like CISSP, whereby you have to > > > be endorsed by someone who is already certified, and/or you have to > > > meet other pre-requisites, like number of years of relevant work > > > experience. > > > > > > cheers, > > > Dale > > > > > > > > > > _______________________________________________________________________ > > > Subscription information may be found at: > > > http://www.groupstudy.com/list/CCIELab.html > > > > > > > > > > _______________________________________________________________________ > > > Subscription information may be found at: > > > http://www.groupstudy.com/list/CCIELab.html > > > > > > _______________________________________________________________________ > > Subscription information may be found at: > > http://www.groupstudy.com/list/CCIELab.html > > > > > > > > > > ------------------------------------------------------------------------ > With Windows Live for mobile, your contacts travel with you. Connect > on the go. > <http://www.windowslive.com/mobile/overview.html?ocid=TXT_TAGLM_WL_Refresh_mobile_052008>
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:16 ART