"Bryan J. Smith" <[EMAIL PROTECTED]> wrote: >> The CISSP gets all the glory because it requires at least three (3) years of experience (with credentials), while the SSCP requires half that or can even be credited for other things. <<
Ahem! Five years experience for CISSP, although one year can be credited for a Master's degree from an NSA-accredited security program, and one year for certain other certifications. >> The CISSP is also more abstractly focused on the "architect" role << Actually, it's more of a management certification; I always explain it as a certification for those who are going to have to talk up to senior management and talk down to other security professionals and technicians, translating between the two. Security architecture is specifically addressed in the ISSAP concentration, which is an add-on to the CISSP. The CISSP is very high-level and the exam is designed to test broad knowledge, judgement, values and experience (which is why so many find it difficult). I have written and teach a 5-day CISSP review/prep class, btw. >> But if you start breaking down the CISSP CBK, a lot of things are more development or network-centric, not services and system concepts. << Disagree here; for example, development is only one part of one of the ten domains (Application Security). However, I agree with the general tenor of your argument. On the other hand, hardly anyone knows or cares about the SSCP - there are over 35,000 CISSP's in the US alone, for example, but only 608 SSCP's. My advice is to design the objectives with real-(Linux)-world requirements in mind, and only later worry about how this maps to either the CISSP or SSCP CBK's. Best, --- Les Bell, RHCE, CISSP, M. Info. Tech (System Security) [http://www.lesbell.com.au] Tel: +61 2 9451 1144 FreeWorldDialup: 800909 _______________________________________________ lpi-examdev mailing list [email protected] http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
