RE: CISSP Question



To be a solicitor or a barrister (or attorney in the US) costs more than
IT. They do not have a level of complexity that exceeds many IT Certs to
the level of which the cost can be reflective.

$400 for ISC2 is not a lot of money in the real scheme of things. My
Masters degrees have cost on average $23,400 each. The doctorate more.
$400 is in comparison - petty cash.

There is marketing, there is administration, there are many costs that
you are not considering. Some are commercial, others are not for profit.
In either case (even the strictly commercial ones) they are not making
the money that you presume that they make.

As an alternative, you could complete a 6 sigma blackbelt, the end
result is a similar earning potential to IT Security as it currently
stands. However, this business certification will set you back $9-10K
(or more). Far more costly than a CISSP and far more difficult.

Regards,
Craig



Craig Wright
Manager of Information Systems

Direct +61 2 9286 5497
Craig.Wright@xxxxxxxxxx
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
www.bdo.com.au


-----Original Message-----

From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Simmons, James
Sent: Friday, 11 May 2007 4:10 AM
To: david.a.harley@xxxxxxxxx
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: CISSP Question

David,
A point is that it can be cheap to run these certifications. It is
currently being done, with better results, and with a smaller pool of
customers. Which is why I do have an inherent distrust of certification
companies. Now I cannot say about the degree of work that goes into
creating any IT certs. But I do know that it should be pretty
self-sustaining after the initial investment of research.

I am not saying that they do not serve a purpose, nor that they are not
needed. If you are trying to make a standardized baseline of skill, then
it should be accessible to everyone. It is the difference between a $400
cert and a $50 cert. If everyone can actually have the chance to obtain
the certification without any adverse financial hardships, then you will
have a cert that will be closer to actually representing a baseline.
Right now there are too many people out there that can easily pass these
tests, but do not take them for one reason or another. (Usually price is
a big motivation.)

Take ISC2 for example (because I am really trying not to pick on them,
but they are the best known). Why are their tests $400?

-To develop the tests? Their model is in place to minimize the cost of
developing tests. Someone develops a question, it gets reviewed and then
submitted to a current test to determine the percentages of people that
are confused by the question, or what not.

-To supply training for the certs? This is very counterproductive to a
certification. Are you going to teach the people, what they need to
know, to pass a test to prove that they do indeed have experience and
training in this skill (As is the case in SANS certs and boot camps)? I
can understand offering a review class or something of the sort, just to
go over broadly what is covered and how the test is laid out. That is
test prep work and that is more understandable than an actual class
covering what they are already supposed to know. On a side note, I am not
aware of ISC2 actually hosting training classes other than the review
classes. I would love to find out if anyone actually paid for one of
these review tests, and what was the mentality of the tests?

-And as for designing the test, that should have already been done, and
updated as need be. That should have been an original cost at the
beginning.

-And finally man hours for administrating the tests. I can understand
this cost, but then after taking the test, what is the purpose of the
annual maintenance fee?

Now SANS is all messed up. I can understand the use of certifications,
and I think they are more credible than most since they started as a
repository for various Security related information. But then they also
run these boot camps that teach you what they are trying to prove that
you have a skill set in. That is just backwards. No other company I have
found, blatantly offers a crash course in their certifications. That
just reeks of a money making scam.

Regards,

Simmons

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of David Harley
Sent: Thursday, May 10, 2007 3:10 AM
To: 'April Carson'; Simmons, James; 'Yousef Syed'
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: CISSP Question

"I stand on the belief that you should not have to spend tons of money
to prove your worth."

PERFECT!!

Indeed. But it's an ideal, not real life.

Forget the security Certs. Most of us are, in the job market and
elsewhere, to some extent defined by our qualifications, from school
level certifications to first and higher degrees, to all manner of
vocational qualifications. And they nearly all cost money. Of course, we
don't always spend our own money on them: I don't think I've ever spent
my own money on a vocational qualification, or even . I realize that
some people do (for instance, to break into an area where they aren't
already working for someone who's prepared to help them with
professional development) and I think it's unreasonable to suggest that
they shouldn't commit money, time and effort into self-development. The
point, though, is that most qualifications cost someone money, and some
of them cost a lot more than CISSP, GIAC etc. But they're an attempt
(however imperfect) to measure baseline ability by objective criteria.
If you're saying that we should assess others purely by our own
instincts and abandon all attempts to assess objectively, you must have
more faith in the human race than I do.

As for the cost issues, let's remember that it's not cheap to implement
certs, supply training for them, design and implement testing, and so
on. In other words, certifying bodies don't work for free, though not
all are for-profit and keep costs down by using certified volunteers,
for example.

Mr Simmons, I don't use those letters after my name to "prove" that I'm
"important next to others". I use them (sometimes) because some
customers, publishers etc. find it reassuring that I've signed up to a
baseline level of professional development and ethical standards in the
field in which I work. It helps that unlike most of the vocational certs
I've picked up over the years, they compress to an acronym that doesn't
bloat my signature.
Since I am not "validated" by an impressive job title or affiliation
with a major corporation, they give a very, very slight indication of
where I am in the foodchain. But they don't prove I'm not an idiot. :)

--
David Harley CISSP, Small Blue-Green World Security
Author/Editor/Consultant/Researcher
AVIEN Guide to Malware:
http://www.smallblue-greenworld.co.uk/pages/avienguide.html
Security Bibliography:
http://www.smallblue-greenworld.co.uk/pages/bibliography.html


