Community Champion

Interesting comments on Peerlyst on the relevance of the CISSP qualification

Hi All


There is an interesting discussion on Peerlyst as to the relevance of the CISSP and its worth.


What do others think?





11 Replies
Influencer II

> CraginS (Advocate I) posted a new reply in Career on 07-27-2019 11:03 AM in the

> First, I
> believe the CISSP is a worthwhile certification, and am glad I completed mine

Amen. I still think it's worthwhile. I still think it is a significant achievement in
testing. I'm glad I took it, mostly to prove to myself that I *did* know what I
was talking about when consulting, and because facilitating the seminars was a lot
of fun.

> That said, I blame both (ISC)2 and a subset of CISSPs for grossly
> overstating what the certification indicates. When both the organization and
> some CISSPs represent it as meaning that the holder is an expert on all aspects
> of information security they do us all a disservice.

Amen again. The CISSP is a *minimum* certification, a criterion-based
certification. It is the *least* that a professional should know. (Not a front line
worker, maybe, but a professional: a manager, consultant, or other similar

> The results of that
> deception are that employers have made CISSP a filter for hiring in totally
> inappropriate situations, and individual CISSPs have taken on jobs they were
> not really qualified for, such that their poor performance damaged the
> reputation of all CISSPs and the certification itself.

And again. And the description @CraginS goes on to provide is probably
something that should go into ISC2 literature ...

====================== (quote inserted randomly by Pegasus Mailer)
Sure [Fred Astaire] was great, but don't forget that Ginger Rogers
did everything he did--backwards and in high heels. - Bob Thaves



This message may or may not be governed by the terms of or
Contributor III

@CraginS wrote:


Finally, I disagree with Steve @Steve-Wilme that the certification is akin to a college degree. Completed degrees have no indication of continuous updating of knowledge and skills. The CPE requirement of CISSP, CISM, SSCP, CISA, all in accord with ISO 17024, is the linchpin to making any of these certifications an ongoing indication of currency in the field.



I would also disagree with comparing a certification with a degree.


And a good proof of this is that both SANS and EC-Council offer degrees. Earning their certifications is the equivalent of passing classes. So getting certs will lead to a degree, but they are not in themselves the equivalent.