What do you think are the key issues the Board should tackle in the coming term. Help me understand what you think are the important challenges facing our community that the Board should attempt to address?
David Melnick, Candidate
I think a lot of us can agree that the infrastructure supporting ISC^2 should be the immediate priority. Myself, and tons of other new members are having issues with the SAML sign-on error when it comes to making payments, check cpes', or even check your certificates. I honestly think support needs to be bolstered to handle the large load of support requests coming in because of all of the issues since the adoption of the new system. I think between the drastic increase in AMF payments, and many people never receiving e-mail responses/having to call multiple times to resolve the different issues they are having, may have rubbed someone the wrong way as a result. I also think the board can be more clear as to what the issues are, an expected time frame to resolve these issues, etc.
It is not to say that ISC^2 support isn't outstanding, it is! I just can tell they might be a bit overwhelmed.
@DavidMelnick wrote:What do you think are the key issues the Board should tackle in the coming term.
Oh yea, welcome aboard the community. Glad to have you here.
Wow that was awesome. Ok a couple of observations from your thoughtful list:
Thank you for the comments. And I encourage all the candidates to jump in here and share their points of view on these topics.
David Melnick
Welcome to the community, David!
I think mine have already been covered, but they’re worth reiterating:
I think it’s fair to say that meaningful interactions between the standard members and the board / executive team are few and far between. These seem to be limited to times when you want something from us, like votes! Or when we need something from you, like action on issues we’re facing as members.
How do we change this so there is continual, meaningful dialogue between us all? (ISC)2 is supposed to be a member organisation, but most of the time it doesn’t feel like the members have any voice and that needs to be remedied.
At the risk of sounding like a broken record, I believe one of the major challenges will be repairing the organisation's tattered reputation after the debacle of the digital end-to-end transformation programme. This has been nothing short of disastrous from the first flawed CPE portal “upgrade” through to the latest flawed AMF portal “upgrade”. Embarrassing. Very, very embarrassing.
Finally, there’s a large problem starting to build up that will affect the reputation of the organisation’s flagship certification. That being, since the change to the CAT version, the calibre of some of the individuals able to pass the exam is incredibly low. I have had the displeasure of interacting with some of these individuals and I’m telling you they and their crackpot notions of security are dangerous. Every email they send where they proudly boast those five initials after their name while expressing some of these alarming views is a nail in the coffin of the CISSP.
^I agree with a lot of what you are saying, but I think you are doing a lot of people, including myself, a disservice when you are saying there is a lower caliper of candidates directly correlated to the CAT exam change. I and others in my position have bitten the bullet and done the months of studying and multiple attempts to pass the exam. As someone who has taken the traditional test and new CAT, I can assure you the difficulty is still there. You are going to see more passes because the target audience has been expanded, and just because someone earned the credential does not mean they can pass an interview. That has always been the case with any certification. As the security field grows in popularity, the crop of candidates is going to expand. You are going to have a few great security professionals and a slew of terrible ones.
To be frank, the difficulty was never really there. It's a multiple-choice, generalist exam that tests for a shallow level of knowledge across a fairly broad set of security disciplines. Any potential difficulty came from the broadness which typically required most people to have to learn new things to cover the domains in which they had no experience. That's not my concern though.
I see the bar having been lowered mostly in relation to the length of the test. When it was 250 questions and potentially going to be a 6-hour marathon, that would put off all but the most determined. I know the CAT version is supposed to allow a person's level of understanding to be more quickly ascertained so there is supposedly no need for 250 questions. However, due to this, people now think they can finish the exam within an hour so more people are willing to attempt the exam - especially if the cost is being borne by someone else like their employer.
When you factor in test taking strategies, the fact the knowledge level required is fairly shallow to start with, a greater willingness from more people to take the exam due to the shorter length, and the fairly lax endorsement process, you end up with hordes of people passing who are just devaluing the certification. Also, in terms of passing an interview, it's often the biggest charlatans that perform the best in those.
Prior to the CAT version, I had the utmost respect for the knowledge and capabilities of all of the CISSPs I knew. I can no longer say that now.
With the conversation on the exam, I dont want to loose sight of your comment regarding ongoing communication/engagement with the Board and Member or the ongoing ability for the Board to be able to take into consideration the thoughts of the membership. There has not always been an easy way to gauge the point of view of the membership. Perhaps there might be a way to get regular feedback from a broader audience, e.g. running surveys/polls on key questions/decisions facing the Board? However, the broad membership isnt always willing to volunteer there time (they have busy jobs with lots of responsibility and may or may not even take the time to respond to an issue). Curious your thoughts on the tools/techniques which could allow for ongoing engagement by the 100k+ membership?