Does the Certified Ethical Hacker add value to a CISSP
A young colleague asked about the value of the CEH certification. Would it "Add Value" to his existing CISSP? The syllabus looked interesting to him and he wondered how prospective employers would view this.
This was my reply:
There are TEN domains to the CISSP's CBK. People come to security from
many walks of life and fields of endeavour and information security has
many facets beyond protecting networks and hosts from malicious attack.There have been times in my career when the work covered by the CEH
would have been relevant, but back then neither the CEH not the CISSP
existed. But even back then I realized that the real problem was not
the networks or the hosts or the system administrators.Each decision you make, each certification and specialization you focus
on leads you down a career path. I've often criticised "reactive mode"
security. The same I'd apply to your career. Is this a proactive move?
Is there a career plan here? Where do you see yourself in five or ten
years? How long do you expect to be doing Pen Testing?Many of us took the CISSP not as a learning exercise but to validate our
already existing skills and experience. You can read in the archives
tales of people at the seminars that pre-dated "boot camps" who wrote
the books that the exam questions were based on. I mention this
because of the way you have worded your question. Are you interested in
the CEH as a validation of your experience or do you expect the course
to teach you Pen Testing? If the latter, then I'd think again.But ultimately it boils down to the issue of your career. Many of the
older members of this forum, and older CISSPs in general, have very
diverse backgrounds. There is an old joke about a Phd being a 'delta
function', you know more an more about less and less. Many career moves
are like that. I mention this because I, and others, feel there is a
point in a career where it is the width of experience, the 20-20
peripheral vision, the understanding of context, the ability to avoid
Errors of the Third Kind, that employers value.Yes, it depends on your age - which you didn't mention - and other
factors. Context is, as I keep saying, everything.Maybe one day I'll go back an finish my degree in Social Anthropology.
All in all I feel understanding people and the social dynamics of
organizations is more relevant to communicating and effecting the
changes needed to bring about good security practices. But that's me,
my context an my career objectives.You need to make it clear what are yours before you can say whether a
CEH - or any other certification for that matter, is relevant to you.
As Robert Heinlein said:
A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders, give
orders, cooperate, act alone, solve equations, analyze a new problem,
pitch manure, program a computer, cook a tasty meal, fight efficiently,
die gallantly. Specialization is for insects.
Related articles by Zemanta
- Society of Payment Security Professionals Welcome 50 New CPISM/CPISA's (pindebit.blogspot.com)
- Ethical Hacking: Beat Hackers At Their Own Game (shegeeks.net)
- "A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship,..." (secretenemyhideout.com)
- Ethical Hacking - Beating Bad Guys for Fun & Profit (giveaway) (geekmommy.net)
- Sci-fi writers take US security back to the future | Jenna Lang (guardian.co.uk)
- Get Paid To Hack (joetech.com)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=720c466d-6acc-4639-8721-a1f99719a911)
The CISSP Forum FAQ
Its one of those bootstrap problems - the new CISSPs who need to read the information can't get at the FAQ on how to sign up for the CISSPForum because they need to be members of the forum in order to read the instructions.
Yes, I know the information is at the (ISC)2 web site, but that's an incredibly difficult site to navigate.
Because of this, Gary Hinson and myself, each quite independently, took the CISSP Forum FAQ and converted it to a web page, adding hyperlinks etc. The two pages are at:
- http://www.infosecwiki.com/bin/view/CISSPForum/TheForumFAQ
- http://www.noticebored.com/html/cisspforumfaq.html
Both sites are very rich, but very different in nature. Gary makes use of custom mind-maps to assisit in navigation, whereas the Wiki allows for registered members - CISSPs - to contribute.
The CISSP Forum at YahooGroups is very active. It is not a purely technical group, but an active support group for CISSPs. It handles well over 1,000 messages a month and is the kind of "social network" that some vendors would pay millions of dollars to own - if it wasn't a closed group that spurns advertising.
The astounding thing is that so few CISSPs know about it. (ISC)2 seems to make no effort to publicise it to people as they gain their certification.
If you are a CISSP, visit either of those two pages, or better still go directly to the (ISC)2 web page for registration - https://www.isc2.org/cgi/cissp_forum.cgi - and sign up.
Technorati Tags: cissp, wiki, forum, (ISC)2,
Related articles
- Why CISSP? (itauditsecurity.wordpress.com)
