DavidMelnick
Newcomer II

Let a candidate ask the community something?

What do you think are the key issues the Board should tackle in the coming term? Help me understand what you think are the important challenges facing our community that the Board should attempt to address.

David Melnick, Candidate

10 Replies
jhamm1016
Newcomer I

I think a lot of us can agree that the infrastructure supporting ISC^2 should be the immediate priority. Myself and tons of other new members are having issues with the SAML sign-on error when it comes to making payments, checking CPEs, or even checking your certificates. I honestly think support needs to be bolstered to handle the large load of support requests coming in because of all of the issues since the adoption of the new system. I think between the drastic increase in AMF payments, and many people never receiving e-mail responses/having to call multiple times to resolve the different issues they are having, may have rubbed someone the wrong way as a result. I also think the board can be more clear as to what the issues are, an expected time frame to resolve these issues, etc.

DavidMelnick
Newcomer II

Thank you for bringing that up. Clearly the Board can play a role in working with ISC2 management to prioritize investment in basic services. Perhaps increasing budgeted staffing around this area. Seems to me that providing these types of basic services to our membership should be one of the easier problems to tackle.
jhamm1016
Newcomer I

It is not to say that ISC^2 support isn't outstanding, it is! I just can tell they might be a bit overwhelmed.

denbesten
Community Champion


@DavidMelnick wrote:

What do you think are the key issues the Board should tackle in the coming term?


  1. Ensuring the Certificates remain relevant in the industry -- Possessing a CISSP needs to remain recognition that the holder has experience and knowledge and is a person "worth listening to".   
  2. Ensuring members get value from holding the certificates.  Be that opening career paths, assisting with continuing education, facilitating peer-relationships (e.g. chapter meetings and the online-community), etc.
  3. Ensure that our membership money is efficiently spent and that it results in member benefit to the greatest extent practical.  
  4. Promote transparency with the members.  I don't just want an annual report full of self promotion, I want to know both the good and the bad.  I want the successes and the struggles.  Regularly published board minutes (redacted as needed) would be a good start.
  5. Reduce friction in maintaining a certificate.  Today, that friction shows up mostly in poorly automated processes with awkward user interfaces, failure to consider border cases (e.g. certificates cannot be renewed until after they expire, causing job-issues for some members) and arbitrary limitations (e.g. can only pay AMFs 60 days in advance).
  6. Relentlessly streamline processes and don't be (too) afraid of altering policy to improve implementability.  For example, a CISSP who subsequently attains a CCSP or SSCP should automatically skip the endorsement process because there are no added experience requirements to validate.  Getting these people out of the queue will only speed the lines for everyone.
  7. Remain engaged with the membership on this community not just as a campaign strategy, but keep it up even after we have elected you to the board.  

Oh yeah, welcome aboard the community.  Glad to have you here.

DavidMelnick
Newcomer II

Wow that was awesome. Ok a couple of observations from your thoughtful list:

  1. we have a theme developing around efficient/streamlined basic services;
  2. you raise the tough problem that really should take up much of the Board's concern, i.e. ensuring relevancy of your Cert in the marketplace increasing both earnings, reputation and role of holders; and
  3. a passionate topic for me around Board Governance and Transparency. Clearly a basic responsibility is financial and strategic oversight, but the point about transparency is a topic I am personally passionate about. Historically there has been a great deal of resistance to transparency. Without trying to get at all the reasons/motives, the bottom line is we should be as transparent as possible and releasing the board minutes would be a very minimal step in the right direction. You definitely have my commitment to pressing transparency in all the board activities. We need to do better on this front.

Thank you for the comments. And I encourage all the candidates to jump in here and share their points of view on these topics.

David Melnick

AlecTrevelyan
Community Champion

Welcome to the community, David!

 

I think mine have already been covered, but they’re worth reiterating:

 

I think it’s fair to say that meaningful interactions between the standard members and the board / executive team are few and far between. These seem to be limited to times when you want something from us, like votes! Or when we need something from you, like action on issues we’re facing as members.

 

How do we change this so there is continual, meaningful dialogue between us all? (ISC)2 is supposed to be a member organisation, but most of the time it doesn’t feel like the members have any voice and that needs to be remedied.

 

At the risk of sounding like a broken record, I believe one of the major challenges will be repairing the organisation's tattered reputation after the debacle of the digital end-to-end transformation programme. This has been nothing short of disastrous from the first flawed CPE portal “upgrade” through to the latest flawed AMF portal “upgrade”. Embarrassing. Very, very embarrassing.

 

Finally, there’s a large problem starting to build up that will affect the reputation of the organisation’s flagship certification. That being, since the change to the CAT version, the calibre of some of the individuals able to pass the exam is incredibly low. I have had the displeasure of interacting with some of these individuals and I’m telling you they and their crackpot notions of security are dangerous. Every email they send where they proudly boast those five initials after their name while expressing some of these alarming views is a nail in the coffin of the CISSP.

 

jhamm1016
Newcomer I

^I agree with a lot of what you are saying, but I think you are doing a lot of people, including myself, a disservice when you are saying there is a lower caliber of candidates directly correlated to the CAT exam change. I and others in my position have bitten the bullet and done the months of studying and multiple attempts to pass the exam. As someone who has taken the traditional test and new CAT, I can assure you the difficulty is still there. You are going to see more passes because the target audience has been expanded, and just because someone earned the credential does not mean they can pass an interview. That has always been the case with any certification. As the security field grows in popularity, the crop of candidates is going to expand. You are going to have a few great security professionals and a slew of terrible ones.

AlecTrevelyan
Community Champion

To be frank, the difficulty was never really there. It's a multiple-choice, generalist exam that tests for a shallow level of knowledge across a fairly broad set of security disciplines. Any potential difficulty came from the broadness which typically required most people to have to learn new things to cover the domains in which they had no experience. That's not my concern though.

 

I see the bar having been lowered mostly in relation to the length of the test. When it was 250 questions and potentially going to be a 6-hour marathon, that would put off all but the most determined. I know the CAT version is supposed to allow a person's level of understanding to be more quickly ascertained so there is supposedly no need for 250 questions. However, due to this, people now think they can finish the exam within an hour so more people are willing to attempt the exam - especially if the cost is being borne by someone else like their employer.

 

When you factor in test taking strategies, the fact the knowledge level required is fairly shallow to start with, a greater willingness from more people to take the exam due to the shorter length, and the fairly lax endorsement process, you end up with hordes of people passing who are just devaluing the certification. Also, in terms of passing an interview, it's often the biggest charlatans that perform the best in those.

 

Prior to the CAT version, I had the utmost respect for the knowledge and capabilities of all of the CISSPs I knew. I can no longer say that now.

 

DavidMelnick
Newcomer II

With the conversation on the exam, I don't want to lose sight of your comment regarding ongoing communication/engagement with the Board and Member or the ongoing ability for the Board to be able to take into consideration the thoughts of the membership. There has not always been an easy way to gauge the point of view of the membership. Perhaps there might be a way to get regular feedback from a broader audience, e.g. running surveys/polls on key questions/decisions facing the Board? However, the broad membership isn't always willing to volunteer their time (they have busy jobs with lots of responsibility and may or may not even take the time to respond to an issue). Curious your thoughts on the tools/techniques which could allow for ongoing engagement by the 100k+ membership?