
List:       firewalls-gc
Subject:    Re: Re[2]: Use the CISSP, Luke (was Re: Certifiying Security  Aud
From:       "Paul D. Robertson" <proberts () clark ! net>
Date:       1998-02-27 23:56:22

On Wed, 25 Feb 1998, Steve Kruse wrote:

> 	less by the time a person can take it.  HOWEVER...that does NOT 
> 	mean the content isn't another building block upon which the 
> 	experienced practitioner can increase their worth to their customer
> 	base. 

It doesn't mean that it is either, or that there aren't better 
building-blocks.  

> - -----> The "learning and working on your own" are indeed valuable, but
> 	as you point out later, the peer interaction and learning REALLY
> 	takes place as you collaborate with others.

I'm not sure how peer interaction would take place otherwise ;)

> >be willing to do it if they _aren't_ working and learning on their own.
> >Organizations can afford it; courses are cheap. Very few courses cost as
> >much as the downtime costs to the organization, and many organizations
> >can afford that.
> >
> - -----> And many organizations can NOT afford the down time, and 

My take on this point is that if we're to *really* create a field that
has a level of knowledge that means anything, then it can't be built on
lip-service.  Having a company to pay for classes, or being able to
afford the educational experience probably _shouldn't_ be the metric used
as a barrier to entry any more than not being able to afford ten top-tier
security professionals should be the metric to having secure networks.  

> especially
> 	if the person is a one-person consulting shop.  When consultants
> 	(be they Big N-1, small shops, or independent) are not on bill out,
> 	it costs big $$.  What is needed is a way to get the content AND
> 	the experiences/interaction of peers without all that downtime. Some
> 	figures I have seen indicate that the loaded cost of a high level 
> 	consultant would top $120 per hour.  Downtime adds up quickly at
> 	rates like that.  Bill out probably exceeds $300 for a person of
> 	this caliber.

Generic "must put in x hours" qualifiers really don't address the issue 
of an up-to-date admin very well unless, as Bennett says, you have a 
course or conference that is more useful than the time you could spend 
digging into things.  The last couple of conferences I went to weren't 
exactly eye-opening revelations in any particular area.

> - -----> Bottom line: I truly believe it **CAN** be invaluable at not only
> 	getting newbies up to speed, but also for old veterans to keep on
> 	the cutting edge.  Now...all we need is that so far mysterious
> 	body of expertise to step up to the plate!!!

Which is that?  Certification?  Conferences and mandatory class time?  
All of the above?  

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@clark.net      which may have no basis whatsoever in fact."
                                                                     PSB#9280
