[SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs
Jim Manico
jim at manico.net
Sat Mar 21 17:43:59 EST 2009
It really depends on what you are hiring for.
If we are talking App/Software security - like Gary has said many times - I would rather hire a software guy and train them about security. Doing it the other way around is almost impossible. How can you really do software security if you are a netsec expert with no experience writing real software? This is especially true if you are taking a more strategic approach to software security.
And the opposite is true - hiring a coder to lock down a network probably isn't the best hiring choice! =)
What really bothers me is that the CSSLP looks appsec operations focused - not developer SDLC focused (or so I've heard). The SANS cert for software security seems to drill a lot more into actual activities a developer should take in order to write secure code and seems somewhat reasonable to me. I think a secure software architecture cert would round out current offerings well.
----- Original Message -----
From: Joe Teff
To: SC-L at securecoding.org
Sent: Friday, March 20, 2009 8:38 PM
Subject: Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs
I notice certs like CISSP when hiring. It says the person has a basic understanding of all IS security areas. Nothing more. If someone can't pass the CISSP then I have to wonder why.
-----Original Message-----
From: Paco Hope <Paco at cigital.com>
To: "SC-L at securecoding.org" <SC-L at securecoding.org>
Date: Thu, 19 Mar 2009 11:36:45 -0400
Subject: Re: [SC-L] Announcing LAMN: Legion Against Meaningless certificatioNs
On 3/18/09 5:29 PM, "Jeremy Epstein" <jeremy.j.epstein at gmail.com> wrote:
> If you don't have a CISSP, CISM, MCSE, or EIEIO - and you're proud of it
...then I'd say you have an overly simplistic view of the world.
Anyone who believes that a credential automatically conveys some magical
knowledge that you didn't have before is just as overly-simplistic as
someone who disparages all credentials equally. It just isn't a black and
white world.
Paco
--
Paco Hope, CISSP, CSSLP
Technical Manager, Cigital, Inc
http://www.cigital.com/ ? +1.703.585.7868
Software Confidence. Achieved.
_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________