This is your chance to get Inside (ISC)² as leadership from our organization will be swinging by the Community to answer your questions. Joining us today is Jessica (Jessie) Hardy, director of customer experience at (ISC)².
Jessie leads the Customer Experience team overseeing the membership, communication, marketing, brand, and digital teams. She is responsible for developing the growth, brand, customer experience, online and communication strategies for (ISC)². If you’ve been to Security Congress, you’ve seen Jessie!
Reply to this post with your questions and Jessie will be answering them starting at 1pm EST.
And join us again next month (Feb. 28 @ 1pm EST) when Chuck Gaughf, (ISC)²'s Sr. Manager of Security, will be joining us to talk GDPR!
I have seen other certification bodies develop managerial type InfoSec certifications (C-CISO from EC Council comes to mind). From someone who has obtained their CISSP, do you have any insight into what ISC2 may be developing (or has developed) in the Cybersecurity Managerial aspect?
A lot of what I'm seeing lately is infosec moving from developing best-practices to a heavy reliance on satisfying regulatory requirements. Are there any plans for region-based security certifications or focus areas?
Good day Jessica,
Would it be possible to explain the difference between the following items that people seem to mix and match and be confused about them most of the time?
The Detailed exam outline
The Common Body of Knowledge (CBK)
The Candidate Information Bulletin (CIB)
The ISC2 official study book.
I think that would help people getting ready for the exam. I was reading a post and saw someone mentioning they went through the CBK twice when really they meant they read through the official study book twice.
If you could highlight the differences that would be great.
Hi Scott @CISOScott,
Thank you for your question! We do have a managerial level certification for someone that has earned their CISSP. It is the CISSP-ISSMP which is a concentration level certification. You must be a CISSP in good standing and have two years’ experience in one or more of the five domains of the CISSP-ISSMP CBK. The domains include: Security Leadership & Management, Security Lifecycle Management, Security Compliance Management, Contingency Management, and Law, Ethics and Incident Management. Here’s a link for more information: https://www.isc2.org/Certifications/CISSP-Concentrations.
Let me know if you have any questions! Should you determine to make this your next career goal, I look forward to congratulating you on your success.
Hi Clement @clementdupuis,
Hope you are having a great day. I would be happy to clarify this:
The ‘Detailed exam outline’ and the ‘Candidate Information Bulletin CIB’ are in fact the same thing. Several years ago, we rebranded them to be the ‘Certification Exam Outline’. I would encourage anyone looking to be certified to download the exam outline. It will provide deeper dives into the domains of the certification, domain weights, and the test format.
The Common Body of Knowledge (CBK) refers to a peer-developed compendium of what a competent professional in their respective field must know, including the skills, techniques and practices that are routinely employed.
The (ISC)² CBK is a collection of topics relevant to cybersecurity professionals around the world. It establishes a common framework of information security terms and principles which enables cybersecurity and IT/ICT professionals worldwide to discuss, debate and resolve matters pertaining to the profession with a common understanding, taxonomy and lexicon.
There is actually an entire collection of (ISC)²’s self-study resources which includes the ‘Official (ISC)² CISSP Study Guide’ and the ‘Official (ISC)² Guide to the CISSP CBK’. Here is a link to get more information: https://www.isc2.org/Training/Self-Study-Resources
I hope that this helps. Let me know if you have any other questions.
Hi John, @John
Thank you for your question! I am sure that this is a timely question especially with GDPR compliance deadlines coming up in May.
While we don’t have formal plans for a regional certification, this year we have a focus on enriching our members’ professional development by creating and providing access to resources and education. These CPEs and events will immerse members in relevant domains, timely issues, technical challenges, and soft skills development crucial for their career growth and the health of the profession as a whole. These tactical, focused learning opportunities enable members to become more well-rounded and effective cybersecurity practitioners. This will help our members excel and achieve your personal and professional goals. This is part of our theme for 2018 – Enrich. Enable. Excel.
With that, we do have our CAP certification that is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in the U.S. federal government, such as the U.S. Department of State or the Department of Defense (DoD).
But thank you for the great idea! I can pass this along to our programs office.
What do you think are the advantages of the new CAT CISSP over the former CISSP?
Can you speak to the vision (ISC)2 has for promoting its brand and members as a credentialed and expert asset? Put another way, despite the growth of CISSPs and the (ISC)2, outside certain specific arenas, we're still Rodney Dangerfields - "can't get no respect." Much of this reflects that people most in need of a CISSP or other expert likely don't know they need it. Minor example: you go to a school and offer the Safe and Secure Online presentation for free, and get, "Oh we already have someone who does that," when it is a nearly-retired librarian who has managed to figure out how to toggle Google Safe Search. Major example: a credit bureau's security lead has no security credentials (just a degree in fine arts). We (ISC)2 members might know our worth (and yes it falls on us to a degree to communicate it appropriately), but there still seems to be a need for (ISC)2 to get its brand and message out. For example the Realtors and CFPs appear to be trying to get their brand out there in mainstream media outlets. Perhaps it is time for (ISC)2 to do the same?
Hi there, @Bayshob
I’m so glad you asked about this as I am sure that there are many others that have the same questions. (ISC)²’s transition of CISSP to CAT is an important investment in the future of its certification program. The implementation of CAT strengthens our commitment to meet the critical demand for cybersecurity professionals worldwide by providing a fair, valid, reliable, and efficient exam administration process.
CAT provides numerous benefits to candidates including:
Here’s a recent blog that may be of interest too: http://blog.isc2.org/isc2_blog/2018/01/what-is-the-cissp-cat-exam-like.html
If you are studying, best of luck! We are here to help.
Here is a quick question. Many of us are long term CISSP certification holders, however the world moves in an increasingly dynamic fashion similar to the famous Moore's Law. However, human thinking tends to stay linear, so we need encouragement and stepping stones to improve our knowledge at an increasing pace. Would you entertain the notion of having incremental added value education sessions or opportunities - using the Acclaim Digital Badge approach on subjects that are relevant (suggestions include BlockChain, BitCoin, IOTs etc.)? I see this as a way of ensuring individuals' fluency in key topics, whilst always going back to the basics that the CISSP certification originally taught us all, but with a carrot at the end. Or do you think CPD's are sufficient?
We know far too well what a ‘thankless’ job it can be! You’re the first to restrict access to colleagues ensuring better security and you’re the first they go pointing to when something goes wrong.
Based on your question, it sounds like you’ve been in some of our recent planning meetings 😊
You’re touching on a subject that is very important to myself and my team. We need to expand the conversation, and we view that as a critical part of our mission. It’s our role to advocate for our members and build awareness for the value of the profession – and most importantly the value of a certified professional – outside of core cybersecurity circles.
One step in that direction is our new Cybersecurity Advocacy program. We are building a team of cybersecurity advocates who will be responsible for advancing the cybersecurity profession around the world. Whether educating policy makers about key security issues, promoting the necessity of a competent cybersecurity workforce or building awareness about cybersecurity as a rewarding career opportunity, our team of experienced advocates represent our membership every day as we collectively work toward achieving our vision of inspiring a safe and secure cyber world. There is a lot more to come on that.
Thank you for being a ‘Safe and Secure’ volunteer! In this program, we do rely on our members to help us get the word out on the importance of being cybersafe at all levels. Our Center for Cyber Safety & Education team is here working hard in Clearwater sponsoring events, holding fundraisers, and trying to get grants to increase the reach of the program.
Stay tuned! This is on our radar for 2018! Please continue to send suggestions.
Thanks for your response. One more question. Is the CISSP CBK changing in April 2018 as speculated?
First of all, thank you for being a member for so long! Your question is completely in line with our theme this year of Enrich. Enable. Excel. This is the year for the lifelong learner and we will focus on enriching our members’ professional development by creating and providing access to resources and education that continually sharpen their skills and hone their craft. These CPEs and events will immerse members in relevant domains, timely issues, technical challenges, and soft skills development crucial for their career growth and the health of the profession as a whole. These tactical, focused learning opportunities enable members to become more well-rounded and effective cybersecurity practitioners. This will help our members excel and achieve your personal and professional goals.
To kick this off this year, we have launched for a limited time a free forensics lab. This is a great opportunity to pilot an interactive, online, self-paced practical hands-on lab learning experience. Here’s a link to a blog article about it. http://blog.isc2.org/isc2_blog/2018/01/limited-time-opportunity-free-forensics-lab.html
I like your idea around Acclaim Badges. That is something we will explore as we launch these rich, immersive CPE opportunities. I do believe that CPEs are important… we believe that quality is that much more important which is why we are focusing on this for 2018.
That is correct. The CISSP exam will be based on a new exam outline starting April 15, 2018. The domains and their weights have changed. Please refer to the CISSP Exam Outline and our FAQs for details. This is posted on the main CISSP page.
Hope that helps!
In support of your great response. Given the current issues facing organisations i.e. disruptive digital transformation (i.e. it is stated 54% of all Fortune 500 organisations no longer exist) and the increasing pressures from compliance, regulations and recently cyber security insurance increasing their premiums significantly. How can we as individuals within our own organisations, be more relevant and not just a lone voice in the wilderness. Can ISC2 help us to realise those skills? Take for example this interesting blog:
I believe it encapsulates many of the relevant issues facing us on a daily basis.