As a long-time CISSP, having worked with the committee which developed the initial test questions in the late 1980's and early 1990's, I was somewhat offended by the tone of this article. Fortunately it was softened by the closing paragraphs. Yes, the CISSP has become the "Gold Standard." Many have tried to imitate its acceptance, thoroughness, construct and breadth; however, IMHO, none have succeeded. Maybe the CCIE from Cisco or the MSCE from Microsoft comes closest, but they are focused on a vendor's products, not the academic breadth of InfoSec.
It is the Gold Standard in many ways, e.g. 1) it is comprehensive, covering ten knowledge areas; 2) it is updated very frequently by CISSPs; 3) it is administered consistently across the globe; 4) it does not profess to be a technical, mile deep, half an inch wide approach to InfoSec; and 5) it does differentiate its certificated holders from the rest of the pack.
Experience is the best teacher and if I had my way, the experience needed to sit for the CISSP would be at least 10 years.
As a current CISSP test supervisor, I have watched many candidates take the exam, talked to others about their background in InfoSec, have conducted "tutor" type classes and have concluded that a person who has earned a CISSP is one who has taken the initiative to differentiate him/herself, has learned much in at least 10 security knowledge areas, has worked in the InfoSec field for a number of years, has an academic degree or two, and can, for the most part, speak intelligently about information security from multiple viewpoints.
This, I believe, differentiates us from the rest of the security practitioners. As my hiring criteria is concerned, it's no job if you don't have a CISSP.
I'm currently studying for the CISSP and feel it is a good certification for a managerial position where you need to show the organization a path to good practices.
Having many certifications in the law enforcement and security area, the CISSP is a natural path to become a CSO when combined with other training, experience and certifications. The article seems very hostile towards the certification that is very similar to every other program I've completed.
I studied like crazy for all of my licences, certifications and degrees. Do you have a lot of other certifications and training? So you never studied for the test, did you pass?
CISSP Certification Uncertainty
Would I want to belong to a club that had me as a member? As it turns out, I do.