RE: CISSP Question



Simmons,
By claiming experience that you do not have, you have "cheated". There are mechanisms for reporting people, and ISC2 does take action.

As a simpler example, working in a law firm as a paralegal is not professional experience, and to state that it is would be criminal misrepresentation if not outright fraud. Similarly, stating that you are professionally experienced because you have been a security guard is likewise at least negligent misrepresentation if you believe that security guards are professionals, or outright fraud if you ever discover that you had not been a professional.

Regards,
Craig



Craig Wright
Manager of Information Systems

Direct +61 2 9286 5497
Craig.Wright@xxxxxxxxxx
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
www.bdo.com.au

Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists.

The information in this email and any attachments is confidential. If you are not the named addressee you must not read, print, copy, distribute, or use in any way this transmission or any information it contains. If you have received this message in error, please notify the sender by return email, destroy all copies and delete it from your system.

Any views expressed in this message are those of the individual sender and not necessarily endorsed by BDO Kendalls. You may not rely on this message as advice unless subsequently confirmed by fax or letter signed by a Partner or Director of BDO Kendalls. It is your responsibility to scan this communication and any files attached for computer viruses and other defects. BDO Kendalls does not accept liability for any loss or damage however caused which may result from this communication or any files attached. A full version of the BDO Kendalls disclaimer, and our Privacy statement, can be found on the BDO Kendalls website at http://www.bdo.com.au or by emailing administrator@xxxxxxxxxxx

BDO Kendalls is a national association of separate partnerships and entities.

-----Original Message-----

From: Simmons, James [mailto:jsimmons@xxxxxxx]
Sent: Thursday, 3 May 2007 8:29 AM
To: Craig Wright
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: CISSP Question

Quick corrections. I used the term cheat in a much more generalized way. I am not talking about hiding a slip of paper in your pants to help you answer questions. I am talking about a crash course / boot camp in that they teach you everything you need to know in a two week period.
They focus on questions that are likely asked on the test. I have even known some of these boot camp companies to focus on areas that are statistically more likely to be on the test. This is supposed to be a cert to validate your experience and skill, yes? A cram session that is teaching you new stuff is of no benefit to ISC2 credibility or the employer who will eventually hire the individual, and is not indicative of experience gained in the field.

Google adwords:
Pass your CISSP exam, Guaranteed. Enroll now, Save $500!


Regards,

Simmons

-----Original Message-----
From: Craig Wright [mailto:Craig.Wright@xxxxxxxxxx]
Sent: Wednesday, May 02, 2007 3:08 PM
To: Simmons, James; Florian Rommel
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: CISSP Question

And if you are EVER found to have cheated, your cert is revoked and you never get it back.

Next, it is fraudulent misrepresentation, and if you use it on many legal documents it could even be perjury. So yes, it is possible to lie, but if you get caught you go to gaol and we can all pick on the CISSP cheat who has no real experience and now has to watch the soap.

Further, even after you have been in the industry, if someone discovers that you cheated 20 years back it is a continuing fraud, and thus limitations (legally) only kick in when it is discovered.

So, can you rob a bank and never be caught? Yes. Is this a wise decision? No. Is it legal? No. Same for the "how do we find ways to cheat" discussion.

Regards,
Craig


-----Original Message-----

From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Simmons, James
Sent: Thursday, 3 May 2007 7:16 AM
To: Florian Rommel
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: CISSP Question

Well, I can say from experience that a lot of aspiring military computer people are using that. A 4 year enlistment. Standing guard duty, firefighting, and then they reset passwords all day with little other experience. But of course on a resume/job sheet, it is easy to make it sound like you are single-handedly running the entire network of 1000+ users. And for $2000 you too can attend a crash course to prep you for the test.

I find it funny/sad that there is an IT certification industry, and a "help you pass <cough>cheat</cough> an IT certification" industry.

Regards,

J.A. Simmons V
EDS - Navy Marine Corps Intranet (NMCI)
Information Assurance Engineer
3980 Sherman St. | San Diego, CA 92110
Office: 1 + 619 817 3821 | Fax: 1 + 619 817 3780 jsimmons@xxxxxxx

-----Original Message-----
From: Florian Rommel [mailto:frommel@xxxxxxxxx]
Sent: Wednesday, May 02, 2007 1:34 PM
To: Simmons, James
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: CISSP Question


Touché James. Well done, you pointed out the one thing that I have been thinking about for a while as well. However, in 99% of cases I would say a person that has been on guard duty for 4 years won't have much interest in a CISSP and then, if he should get it, will have quite some catching up to do. Most employers will find it rather weird that he or she was doing guard duty for 4 years and got a CISSP :)

I do think, though, that this is a viable loophole for anyone that wants to exploit it that way. I do think it is a little far-fetched because you still have to show that your job included some of the actions on the list.

Good point though, I like it. Wonder what ISC2 has to say about this and how many people have used that or a similar loophole already.

Cheers,

//Flosse

http://blog.2blocksaway.com

On 5/2/07 10:57 PM, "Simmons, James" <jsimmons@xxxxxxx> wrote:

So here is a thought for everyone.

To qualify for CISSP, you should have at least four years of experience in one of the ten domains, which include Physical Security. So with a bit of cramming, your gun-cleaning gate guard of 4 years can be a qualified CISSP with next to minimal experience in Information security. And as per the ISC2 webpage, to qualify experience you need to have done some of the included actions (https://www.isc2.org/cgi-bin/content.cgi?category=1187).

Reactions anyone?

P.S. I am not saying that all gate guards are incapable of being good CISSPs. I am just pointing out an all too common scenario.

Regards,

Simmons

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Florian Rommel
Sent: Wednesday, May 02, 2007 10:53 AM
To: Nicolas villatte; krymson@xxxxxxxxx; security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: CISSP Question

I agree with Nicolas here. I definitely wouldn't endorse a Desktop Jockey with 4 years of experience. I already filed a complaint once because I know a guy who, because he has some certifications and has worked as PC support, thinks he is qualified to take the exam. His "boss/partner in crime" was ready to sign off on it. I know for some people a certification like the CISSP doesn't mean much, but that still shouldn't mean anyone can get in. I had my work experience fully documented by all my previous employers before I took the exam.

Security experience in any of the 10 domains for 4 years doesn't mean that during those 4 years you should have done something security related at some point; it means that your position was directly security related.

//flosse
http://blog.2blocksaway.com


On 5/2/07 9:47 AM, "Nicolas villatte" <Nicolas.Villatte@xxxxxxxxx> wrote:

Not really, because 5% of your time involved in security during 4 years would give you barely 2 months of experience. I don't know any CISSP who would endorse such a candidate.

https://www.isc2.org/cgi/content.cgi?category=1187

"Applicants must have a minimum of four years of direct full-time security professional work experience in one or more of the ten domains of the (ISC)² CISSP® CBK®."

Regards,
Nicolas.


---------------------------------------------------------------------

Nicolas VILLATTE

CISSP, GCIA, GCIH, GCFA

Sr. Security Management Specialist


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of krymson@xxxxxxxxx
Sent: Tuesday, 1 May 2007 14:14
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: CISSP Question

Just a quick add, don't overthink the 4 years' experience requirement. You need that experience in any one (or more) of the 10 domains. Honestly, if you're a desktop support jockey for 4 years and you do some sort of security as part of your work (do you manage passwords and/or respond to spyware incidents?), you can still qualify. Realistically, anyone with 4 years' experience in IT.
