back to article GCHQ's CESG CCP 4 UK GOV IT BFFs? LOL RTFA INFOSEC VIPs ASAP

Britain's global eavesdropping nerve-centre GCHQ hopes to turn its certificates of IT security competence into an industry standard - by awarding them to bods in the private as well as public sector. The CESG (Communications-Electronics Security Group) Certified Professional scheme (CCP) was launched in October, and is handed …

COMMENTS

This topic is closed for new posts.
  1. frank ly

    Just wondering .....

    If I manage to forge a GCHQ IT security competence certificate (and associated records), does it automatically become valid because I've demonstrated competence in IT security?

    1. El Presidente

      Re: Just wondering .....

      If you managed to pull that off TPTB clearly ought to put you in charge of everything. What would probably happen is that they would put you in prison without changing the system because it isn't broken. If they caught you, which they probably wouldn't.

  2. Anonymous Coward
    Anonymous Coward

    Erm

    Isnt this just the CLAS scheme?

    1. Kate Winter

      Re: Erm

      CLAS consultants are now required to go through this certification in order to remain in CLAS.

      1. Will Godfrey Silver badge
        Coat

        Re: Erm

        Personally, I couldn't get out of class fast enough.

        Oh, erm... (see icon)

  3. Pete 2 Silver badge

    Obscurity for security

    So, a branch of government has a group. That group creates a scheme. That scheme identifies 3 levels of competency (OK, let's pretend they map onto knowing what the hell you're talking about - with some sort of positive correlation). Within those rankings, there are 6 roles. And on top of that, another bunch has another programme for certification, that's different.

    Then after 3 years yo have to do it all again.

    This seems like an excellent plan for identifting both individuals who value letters, titles and accreditations and also for identifying organisations that are so lacking in real-world direction, experience and judgement that they would value such confused and surreal web of qualifications.

    Having seen ITIL (another government initiative, that assumes an infinite amount of manpower, time, meeting-rooms and budget to get anything done) at first hand in a couple of organisations I can only assume that goal behind this announcement is to put a stop, once and for all, to anyone having any hope of matching a competent worker with a security requirement.

    1. A Non e-mouse Silver badge

      Re: Obscurity for security

      Having seen ITIL (another government initiative, that assumes an infinite amount of manpower, time, meeting-rooms and budget to get anything done)

      I'm no ITIL/PRINCE guru, but I've seen some introductory ITIL/PRINCE methodology documents. One of the things I remember about these things, is that the level of detail/paperwork you employ for a project should be proportional to the size/risk of the project.

      If some project manager is insisting on unnecessary levels of paperwork & meetings, I suspect they're just making work to justify their existence rather than to benefit anyone.

      1. Pete 2 Silver badge

        Re: Obscurity for security

        > If some project manager is insisting on unnecessary levels of paperwork & meetings, I suspect they're just making work to justify their existence rather than to benefit anyone.

        Oh, without a doubt, yes.

        But that's the beauty of "best practice", so long as there's always more you can do or ask for, you haven't achieved it. Hence organisations that are addicted to the idea of B/P (because they are so clueless) are so inefficient, slow and expensive.

    2. Anonymous Coward
      Anonymous Coward

      Re: Obscurity for security

      Then after 3 years yo have to do it all again.

      Not to mention the cost of recertification. CLAS and it's convoluted offspring are a massive money spinner.

  4. Destroy All Monsters Silver badge

    Candidate must...

    (1) ... have penetrated at least one (1) switch situated on the territory of the troubled nation of "Belgium".

  5. HereWeGoAgain

    This is just a certificate for fascist snoopers

    Anyone holding this certificate is not a fit and proper person to be employed anywhere.

    I expect there were similar certificates in Nazi Germany for operating Hollerith machines.

    1. Alister

      Re: This is just a certificate for fascist snoopers

      Mr Godwin, I presume?

    2. Wzrd1 Silver badge

      Re: This is just a certificate for fascist snoopers

      All it is is direct competition with ISC^2.

      Why have people pay all that money for CISSP when they can get this certification?

      Your gripe sounds like the gripe from a certless wonder, unable to pass any test in order to acquire some form of certification beyond one of mental incompetence.

  6. joanbee

    It reads as a wonderful plan for somebody...

    Learn what we want you to learn. Do it the way we taught you to do it. So we know how you do it. So we know how to go around what you do.

    I'll be in the mu-metal-lined room if you want me..

  7. Anonymous Coward
    Anonymous Coward

    personall I wish the gov would stick to doing the current things its responsible for properly rather than spreading out its wings into new areas to make a fine mess of.

    Last night I spent 2 hours on a journey that should have been no longer than an hour

    This morning there were no underground trains working and I had to work

    If I were put in charge of a country I would ensure the things I have adopted are in good working order before trying to spin off more money making schemes.

    Since if you go to some shop and buy broken goods, you attempt it again and end up in the same situation. You will either be a fool and attempt this again or give up and think of anything and everything this place of business does as a shambles

  8. Anonymous Coward
    Anonymous Coward

    Another CLASic fuck up.

  9. Anonymous Coward
    Anonymous Coward

    Working in the trenches, I see the certifications and papers are pursued by managers who get themselves accredited to increase their own value. If someone has any real skill in the area they are kept *away* from obtaining any certification, because the managers above need their serf's to keep on serf'ing and covering them in glory. And potentially giving them a route out of serfdom.

    Wzrd1, your an idiot, Ive found holes in major vendor products that would make news if I weren't responsible, yet, as above I do not possess a single infosec qualification. But I am " a certless wonder, unable to pass any test in order to acquire some form of certification beyond one of mental incompetence ".

    Do you work in middle management by perchance?

  10. Harman Mogul

    Top marks to the sub!

    Another great headline to add to the collection.

This topic is closed for new posts.