[prev in list] [next in list] [prev in thread] [next in thread]
List: firewalls-gc
Subject: Re: Re[2]: Use the CISSP, Luke (was Re: Certifiying Security Aud
From: "Paul D. Robertson" <proberts () clark ! net>
Date: 1998-02-27 23:56:22
[Download RAW message or body]
On Wed, 25 Feb 1998, Steve Kruse wrote:
> less by the time a person can take it. HOWEVER...that does NOT
> mean the content isn't another building block upon which the
> experienced practitioner can increase their worth to their customer
> base.
It doesn't mean that it is either, or that there aren't better
building-blocks.
> - -----> The "learning and working on your own" are indeed valuable,
> but
> as you point out later, the peer interaction and learning REALLY
> takes place as you collaborate with others.
I'm not sure how peer interaction would take place otherwise ;)
> >be willing to do it if they _aren't_ working and learning on their
> own.
> >Organizations can afford it; courses are cheap. Very few courses
> cost as
> >much as the downtime costs to the organization, and many
> organizations
> >can afford that.
> >
> - -----> And many organizations can NOT afford the down time, and
My take on this point is that if we're to *really* create a field that
has a level of knowledge that means anything, then it can't be built on
lip-service. Having a company to pay for classes, or being able to
afford the educational experience probably _shouldn't_ be the metric used
as a barrier to entry any more than not being able to afford ten top-tier
security professionals should be the metric to having secure networks.
> especially
> if the person is a one-person consulting shop. When consultants
> (be they Big N-1, small shops, or independent) are not on bill out,
> it costs big $$. What is needed is a way to get the content AND
> the experiences/interaction of peers without all that downtime. Some
> figures I have seen indicate that the loaded cost of a high level
> consultant would top $120 per hour. Downtime adds up quickly at
> rates like that. Bill out probably exceeds $300 for a person of
> this caliber.
Generic "must put in x hours" qualifiers really don't address the issue
of an up-to-date admin very well unless, as Bennett says, you have a
course or conference that is more useful than the time you could spend
digging into things. The last couple of conferences I went to weren't
exactly eye-opening revalations in any particular area.
> - -----> Bottom line: I truely believe it **CAN** be invaluable at not
> only
> getting newbies up to speed, but also for old veterans to keep on
> the cutting edge. Now...all we need is that so far mysterious
> body of expertiese to step up to the plate!!!
Which it is that? Certification? Conferences and mandatory class time?
All of the above?
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@clark.net which may have no basis whatsoever in fact."
PSB#9280
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic