Associates of (ISC)² are people currently pursuing an (ISC)² certification. They have passed their certification exam (CISSP, SSCP or another) but are still gathering their required work experience to complete their certification. It’s like an apprentice program. Would you consider hiring an Associate of (ISC)² to work on your team? Why or why not?
In my opinion CISSP for InfoSec is like a matriculation exam - obligatory at a certain point of life/career but definitely not sufficient. More significant is hands-on technical knowledge in a few Security Domains, backed up with soft skills (e.g. C-level communication). So - I would reply - it depends on what the other requirements are besides having a C(whatever) certificate. If other knowledge fits a candidate profile and "CISSP is a must" then I would hire an Associate as well. Having only CISSP is meaningless from my perspective.
I think peer mentoring is a wonderful idea! This also would help to bridge the inherent Catch-22 gap that the root post on this thread alludes to. On one hand, there is a big and growing gap between the demand and available quality talent in the infosec field (great news for the professionals already in the field). On the other hand, while numerous university programs exist to provide a solid foundation knowledge, certain skills can only be acquired in practice.
The younger professionals entering the information security workforce often have to confront the disconnect between what the "nice to have" job descriptions demand of them (e.g. 1-3 years PLUS CISSP certification) and what they can actually demonstrate based on where they are in their professional development. This is, I think, one of the key reasons for some of the young pros to pursue certifications, before they get to know the business. After all, rigorous study is something that they are very good at--coming out of school. Having one or more peer mentors and a career champion is key. One or more of the former will help the younger professionals to learn what they need to know. The latter will help to "get in the door" with whatever credentials and skills that the younger professionals can practically acquire.
I'll take a person's experience in lieu of certification.
I wouldn't not hire someone with it -- that's not really the same thing, though.
If the requirement is for a CISSP, then what it really is is a requirement for someone with 5+ years of experience plus some paper. Having 2-3 years of experience plus some paper isn't the same thing. However, it shows that a junior person is looking ahead in terms of career progression and reflects a good attitude towards learning. Those things are desirable.
It depends - how old is the person? My organization only hires recent college graduates up to three years' experience for entry level positions. If you've been in IT for five to seven years, we are going to want to see some certifications obtained. If you're "in progress" for the CISSP, you probably won't be in information security, but another IT group - working for a large international financial organization ("we are everywhere you want to be" says Morgan Freeman our spokesperson); we have no trouble attracting super qualified people with advanced degrees and gold-standard certifications for about any job we post.
It will depend on the job requirement, and if you are a company providing security services some customers might want someone with a CISSP cert, then we hire accordingly.
However, if there is no need for such a requirement, hire as per your job requirements.