On Mon, 22 Nov 2004 11:51:43 CST, Anders Langworthy said: > The CISSP, otoh, supposedly requires 4 years of professional full-time > security work (3 years with a college degree, or 2 years with a BS & > Masters in Info Security). Going to a boot camp wouldn't take care of > this requirement. Shouldn't those with 4 years of professional > experience doing security be able to pass the exam without the need for > a boot camp anyway (or is that just foolish optimism)? Are the exp. > requirements so open to interpretation or embellishment? What gives?
It's quite possible to be (for instance) a firewall admin for 4 years, and know *every* in and out of all the common exploits you see, but not have a really good grasp on some of the *other* security fields (for instance, how to define a site security policy). On the flip side, you can spend a decade getting good at doing security policies, and not know squat about how to monitor the network....
pgpC0mab3VaY5.pgp
Description: PGP signature
