Truth About Computer Security Hysteria
Six information security luminaries receive CISSP certificationRob Rosenberger, Vmyths co-founder
Friday, 1 April 2005
FOR IMMEDIATE RELEASE
The International Information Systems Security Certification Consortium, Inc. (ISC)² is proud to announce that six prominent security researchers have been awarded the coveted Certified Information Systems Security Professional (CISSP)™ certification. The world-recognized CISSP certification signifies that an individual has reached the pinnacle of their professional development and demonstrated competence in the information security field.
“Attaining the CISSP affords me new career opportunities and I’m proud to have earned the recognition,” said Richard Forno, the former Chief Security Officer of Network Solutions and current Washington, DC-based security consultant. “Having the CISSP — and many other letters after my name as well — means quicker consideration in the hiring process because it’s clear that hiring managers use certifications as the single most accurate indicator of a person’s competence as a security expert and technology professional.”
Brian Martin, a Denver-based security consultant and commentator, agreed, noting that the CISSP “will open new doors and offer exciting new glimpses into the inner child of network security.” He believes that the CISSP certification will bolster his “already-padded resume” and allow him to obtain new contract jobs as a certified security professional more easily while also commanding a higher hourly rate from his expanded base of prospective clients.
Those certified as a CISSP must subscribe to the (ISC)² Code of Ethics, pass a written examination, be employed somewhere, pay recurring membership dues to (ISC)², maintain certification through continuing education, and recertify every three years for a small additional charge. The (ISC)² Code of Ethics for CISSPs ensures that only reputable professionals become certified; a rigorous examination of an applicant’s background is conducted to prevent a hacker or other questionable person from joining this elite community of security experts.
Meeting this ethical standard was welcome news to “AJ,” leader of the black-hat hacker group ReznorBlades. “Just knowing that I’m now on the same level as many of the industry’s least-clued and over-paid professionals creates a feeling that I just can’t put to words. Now when a ‘professional’ sneers at my nose ring or dismisses me because of my haircut I can remind him that he and I are equal brothers in the charge to secure the planet from cyber-mischief.” ReznorBlades’ current project is building a distributed and stealthy cross-platform implementation of a RFC3514 attack tool to be released at DefCon later this year.
Jay Dyson of Treachery Unlimited agrees. “For me, the CISSP was the perfect foil through which I could advance my career in computer and network security and, quite possibly, world domination. Now I only need to know half the stuff I used to, do only half the work I used to, and yet make twice the pay.” Dyson, who is currently vacationing in Jamaica, went on to describe how the CISSP certification has freed him from hardship at work. “I used to knock myself out to justify new hardware, major network architecture changes, and other stuff,” he said while sipping the local coffee. “Now I just announce that I am a CISSP and nobody argues — no matter how wild my demands might sound to the un-certified. It’s like being a James Bond villain, only without the monocle and Persian longhair cat.”
Similarly, Vmyths.com editor Rob Rosenberger lauded his elevation to computer security’s ruling class. “As a member of the Investigative Reporters and Editors Association, I was compelled to base my conclusions on evidence and metrics. But as someone with ‘CISSP’ on his business cards now, I can label anything a fact yet have no data to support it. As a result, I look forward to speaking with a new and undisputed authority on computer security topics and participating in vaguely worded white papers and international computer security surveys to create new job opportunities both for myself and other CISSPs.”
Independent consultant Joshua Fritsch of UnixGeeks.org believes the CISSP certification is the ticket out of what he describes as “sysadmin hell.” Fritsch, who spends most of his time complaining about his workload instead of working on it, got his CISSP after sending five proofs-of-purchases from a Cracker Jack box (plus shipping and handling) to (ISC)².
Messrs. Forno, Martin, Reznor, Dyson, Rosenberger, and Fritsch will be welcomed formally into the CISSP brotherhood on Saturday at a black-tie dinner in Washington, D.C, where both their CISSP certificates and keynote speech will be presented by D.K. Matai, chairman of the UK-based security research company mi2g. The list of prestigious (ISC)² members who have confirmed their attendance at the Washington event can be found at:
For more information, contact:
PH: +1.866.462.4777 or +1.703.891.6781