We see recurring questions in several of the community fora regarding CPE: what counts ?must I have Type B? how to calculate for input? what about rollovers?
In almost every instance the answers are clearly provided in the CPE Guidelines document at isc2.org. Obviously the person asking the question has not even glanced at that document.
Recently my comments, instead of pointing to the pinned threads on CPE at the top of both CPE Opportunities and Member Support have moved to a simple
Former military know this one: Read The Field Manual!
(yea, that's the word, Field, yeah, that's what the F means, Field!)
What does this have to do with acting like a professional?
Quite a bit.
We are in a complex field, that is changing constantly. To do our jobs we have to know the content of laws, regulations, rules, frameworks, and system manuals. We cannot get by without reading those core documents that detail our tasks and procedures.
Failure to keep up with the mandatory documentation of our major specialties, and to dive into teh needed ones on any given task is essential to being a true professional in infosec.
The certification is named Certified ... PROFESSIONAL.
If you are not willing to learn what the rules and procedures are, know where they are documented, and routinely use those documents,
YOU ARE NOT ACTING LIKE A PROFESSIONAL.
Try to answer your questions through research before leaning on the helpful crowd in the Community.
Oh, and I have said this before: If I were looking to hire an infosec specialist who claims a professional certification, and that individual does not even know what the relevant guideline documents are, much less use them, that one goes straight to the round file.
With best wishes and hopes for your career successes,
And stop attacking those who keep pressing standards as the reason we have standards in the first place.
I prefer quality over quantity when it comes to certifications. Certs are a nice to have but too much emphasis has been placed on examinations, particularly from colleges seeing certification as a way of confirming their education product. So what are we really telling students? Get certified, no matter what it takes.
Hi Dr. Shelton,
Great to 'hear' from you. Very informative post, and well received.
Keep up the creative, professional, and guiding thought processes.
Dr. Jan Shuyler Buitron
Doctorate of Computer Science in Cybersecurity, minor in Management
Master of Science in Cybersecurity
CISSP, MCSE, ITIL v2, v3
Senior Cybersecurity Systems Engineer\Lead)
Always enjoy a good rant and Hopefully you are feeling better now that you got that out of your system 🙂
Seriously though its been going on for years. Not just on ISC2 but LinkedIn (how do I get a job in security, certs, etc.) and also in the workplace.
It's pretty much a sign of laziness, etc.
It's an indication they are a taker (always asking/demanding/it takes too much time/etc.) vs a maker (initiative/trying/researching/etc.)
And because the audience is vast there is a good chance they will continue on as long as they can.
What they don't realize is eventually they will get ignored, not offered assistance, or not progress in their career.
What's interesting is that I also see the same type of behavior from individuals with Bachelors, Masters, and even Doctors degrees which kind of leads me to wonder if someone else did their homework for them.
I conduct research all the time in my 'spare' time. Sites like researchgate, Microsoft Academic, Google Scholar, Oxford University Press, and of course, Carnegie Mellon University CERT site, which is FULL TO THE BRIM with good stuffs, including one of the premier Insider Risk research centers.
If any folks are looking for the 'easy way,' it doesn't work when it comes to the ISC2 exams. I set myself to studying for 8 hours per day when I was knuckling down for the CISSP exam in 2007. It worked, because I passed it on the first try after studying for 3.5 months.
The simple tip is, be CURIOUS, and be a Lifelong Learner!
Here is an interesting piece from Carnegie Mellon:
regards and stay well,
Dr. J. S. Buitron, DCS, MSIA, CISSP
Doctor of Computer Science\Cybersecurity
Masters in Information Assurance\Cybersecurity
Certified Information Systems Security Professional
Lead Cyber Engineer at L3Harris