Just wondering .....
If I manage to forge a GCHQ IT security competence certificate (and associated records), does it automatically become valid because I've demonstrated competence in IT security?
Britain's global eavesdropping nerve-centre GCHQ hopes to turn its certificates of IT security competence into an industry standard - by awarding them to bods in the private as well as public sector. The CESG (Communications-Electronics Security Group) Certified Professional scheme (CCP) was launched in October, and is handed …
So, a branch of government has a group. That group creates a scheme. That scheme identifies 3 levels of competency (OK, let's pretend they map onto knowing what the hell you're talking about - with some sort of positive correlation). Within those rankings, there are 6 roles. And on top of that, another bunch has another programme for certification, that's different.
Then after 3 years yo have to do it all again.
This seems like an excellent plan for identifting both individuals who value letters, titles and accreditations and also for identifying organisations that are so lacking in real-world direction, experience and judgement that they would value such confused and surreal web of qualifications.
Having seen ITIL (another government initiative, that assumes an infinite amount of manpower, time, meeting-rooms and budget to get anything done) at first hand in a couple of organisations I can only assume that goal behind this announcement is to put a stop, once and for all, to anyone having any hope of matching a competent worker with a security requirement.
Having seen ITIL (another government initiative, that assumes an infinite amount of manpower, time, meeting-rooms and budget to get anything done)
I'm no ITIL/PRINCE guru, but I've seen some introductory ITIL/PRINCE methodology documents. One of the things I remember about these things, is that the level of detail/paperwork you employ for a project should be proportional to the size/risk of the project.
If some project manager is insisting on unnecessary levels of paperwork & meetings, I suspect they're just making work to justify their existence rather than to benefit anyone.
> If some project manager is insisting on unnecessary levels of paperwork & meetings, I suspect they're just making work to justify their existence rather than to benefit anyone.
Oh, without a doubt, yes.
But that's the beauty of "best practice", so long as there's always more you can do or ask for, you haven't achieved it. Hence organisations that are addicted to the idea of B/P (because they are so clueless) are so inefficient, slow and expensive.
All it is is direct competition with ISC^2.
Why have people pay all that money for CISSP when they can get this certification?
Your gripe sounds like the gripe from a certless wonder, unable to pass any test in order to acquire some form of certification beyond one of mental incompetence.
personall I wish the gov would stick to doing the current things its responsible for properly rather than spreading out its wings into new areas to make a fine mess of.
Last night I spent 2 hours on a journey that should have been no longer than an hour
This morning there were no underground trains working and I had to work
If I were put in charge of a country I would ensure the things I have adopted are in good working order before trying to spin off more money making schemes.
Since if you go to some shop and buy broken goods, you attempt it again and end up in the same situation. You will either be a fool and attempt this again or give up and think of anything and everything this place of business does as a shambles
Working in the trenches, I see the certifications and papers are pursued by managers who get themselves accredited to increase their own value. If someone has any real skill in the area they are kept *away* from obtaining any certification, because the managers above need their serf's to keep on serf'ing and covering them in glory. And potentially giving them a route out of serfdom.
Wzrd1, your an idiot, Ive found holes in major vendor products that would make news if I weren't responsible, yet, as above I do not possess a single infosec qualification. But I am " a certless wonder, unable to pass any test in order to acquire some form of certification beyond one of mental incompetence ".
Do you work in middle management by perchance?