RE: [Full-Disclosure] Training & Certifications
From: Laura Taylor (ltaylor_at_relevanttechnologies.com)
Date: 04/06/04
- Previous message: Jos Osborne: "RE: [Full-Disclosure] A sucker is born every day"
- In reply to: Exibar: "Re: [Full-Disclosure] Training & Certifications"
- Next in thread: Exibar: "Re: [Full-Disclosure] Training & Certifications"
- Reply: Exibar: "Re: [Full-Disclosure] Training & Certifications"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Exibar'" <exibar@thelair.com>, "'Ron DuFresne'" <dufresne@winternet.com>, <full-disclosure@lists.netsys.com> Date: Tue, 6 Apr 2004 08:07:36 -0400
It sounds like this policy went into effect 10/1/03 from the looks of the
posting. This is definitely new and was not on their site when I made my
inquiry which was in 2002. The person was not mistaken as I called twice to
be sure...it is a new policy that they are not verifying...and a good thing.
It's nice to see. Thanks for pointing that out. Laura
-----Original Message-----
From: Exibar [mailto:exibar@thelair.com]
Sent: Monday, April 05, 2004 4:46 PM
To: Ron DuFresne; full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Training & Certifications
The person that Laura spoke to was mistaken, right from their website it
states:
In the interim, (ISC)2 Services, 2494 Bayshore Boulevard, Suite 201,
Dunedin, FL 34698 USA, PH: 1.888.333.4458, FX: 1.727.738.8522, will continue
to respond to any employer requests for (ISC)2 credential holder
verifications. Such requests must be in writing on the employer's company
letterhead and a release signature from the CISSP/SSCP must be included in
the request.
That's found here: https://www.isc2.org/cgi/directory.cgi
Exibar
----- Original Message -----
From: "Ron DuFresne" <dufresne@winternet.com>
To: "Dave Howe" <DaveHowe@cmn.sharp-uk.co.uk>
Cc: "Email List: Full Disclosure" <full-disclosure@lists.netsys.com>; "Laura
Taylor" <ltaylor@relevanttechnologies.com>
Sent: Monday, April 05, 2004 2:16 PM
Subject: Re: [Full-Disclosure] Training & Certifications
>
> [orig snipped]
>
> This was recently posted to the firewall wizards list, and relates to this
> topic;
>
> From: Laura Taylor <ltaylor@relevanttechnologies.com>
> Subject: RE: [fw-wiz] Seeking input: Research Proposal: "Is a third
> position
> possible?"
> Cc: firewall-wizards@honor.icsalabs.com
> Date: Fri, 2 Apr 2004 10:30:33 -0500
> To: 'Crispin Cowan' <crispin@crispincowan.com>,
> "'Holt, Philip'" <holtp@seattleu.edu>
>
> Something curious to know about CISSP is this....
>
> I was thinking of hiring a person with a CISSP and called up ISC2 to
> verify
> if they really were a CISSP. ISC2 told me that they never verify if anyone
> is a CISSP as it is an invasion of the person's privacy. I then asked them
> how could I know for sure if this person really was a CISSP and told them
> that the person was not listed in the CISSP database on the ISC2 web site.
> They then told me that not all CISSPs are listed in the database because
> some don't want to be listed. They told me that the only way to verifiy if
> a person is a CISSP is to ask them for their certificate. I then asked
> them if all certificates look exactly alike and can they tell me how to
> know if a certificate it authenticate. I was told that all certificates do
> not look exactly alike and that they have changed their look over the
> years so there is no way to know if a particular certificate is real or
> not.
>
> After much discussion, it became clear that they were not willing to
> verify if anyone is a CISSP, and that there was no way for anyone to
> really verify this information unless the person chooses to be listed in
> the database on the ISC2 web site. I told them that in my opinion their
> process for certification was not consistent with the concept of "trust,
> but verify" and I ended up not hiring the person I had originally
> interviewed.
>
> If a certification cannot be verified, to me it is worthless. I'd rather
> hire an MCSE because Microsoft is willing to verify all their
> certifications.
>
> The philosophies and ethics of 2600 could possibly be questionable, but I
> dare say that ISC2 is not at all the organization that I once thought it
> to be.
>
> Laura
>
>
>
>
> Thanks,
>
> Ron DuFresne
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> "Cutting the space budget really restores my faith in humanity. It
> eliminates dreams, goals, and ideals and lets us get straight to the
> business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***
>
> OK, so you're a Ph.D. Just don't touch anything.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Jos Osborne: "RE: [Full-Disclosure] A sucker is born every day"
- In reply to: Exibar: "Re: [Full-Disclosure] Training & Certifications"
- Next in thread: Exibar: "Re: [Full-Disclosure] Training & Certifications"
- Reply: Exibar: "Re: [Full-Disclosure] Training & Certifications"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
