Last year I retired from active full time employment, but continue to stay current in the field, try to contribute where I can, and accept a small stipend for assisting a university in academic efforts in cybersecurity.
The distressingly steep in increase in AMF costs just announced has me considering a change to CISSP - Retired status at the end of my current three-year certification period, on October 31, 2020.
However, one of the requirements for CISSP Retired status is the following:
The phrase "practicing or employed" leads me to interpret the requirement so I cannot even advise students in cybersecurity work, whether paid or not, and hold the status of CISSP Retired.
As I read the (ISC)2 statement on use of the trademarked term CISSP, it appears that once I am neither CISSP nor CISSP Retired I am not allowed to to use statements such as former CISSP, 2002-2020.
This is a disturbing situation.
For now, it appears that after 10/31/2020 my only option is to declare, "previously professionally certified in information security, 2002-2020."
Others thoughts, especially @rslade and @Caute_cautim, on my interpretation and the situation?
I do not think that teaching/mentoring even in an official capacity at a college/university would prevent you from being able to use the retired status.
@CraginSTechnically you are still contributing to the community and therefore you have not formally retired, from my perspective of the situation. Given the world is calling out for more experienced security practitioners by 2020 approximately 1.5 million shortage is forecast.
I would hasten to forecast even from where I reside in New Zealand, that many professionals continue to the ripe old age of 70 years old, which is often the case.
It would appear by contributing to the University or even teaching would earn you CPE's and technically you contributing to the profession and the community as a whole.
I have a colleague who went into formal retirement this year, yet technically he is still contributing to the community and earning CPE's and has not as yet formally retired from ISC(2) - currently he is visiting other ISC(2) groups and supporting them and encouraging them due to the lack of CISSP certified professionals in the area he is visiting etc.
I think once again this is another area, which out of step with reality, which those of us in the private sector, see every day and appreciate the dilemma that many organisations have at present.
Regards
Caute_cautim
Personally I think the CISSP retired is just the wrong solution to the issue of security professionals who may be on a reduced income because of retirement and it doesn’t address study, time off for illness disability, family etc.
It’s also age discriminatory, and I’d figure retired folks would like to keep up and keep submitting CEUs etc. Unless of course they are loaded an spending all their time in Vegas and Swimming with the dolphins - and then they can probably well afford the membership fees.
Mf feeling is that for folks who can demonstrate a low income is that membership fees should be lowered to perhaps 30-50 USD per annum(self certified code of ethics applies, honour bar etc). Most of us are down with the cooperation side of prisoners dilemma in any case so properly audited it wouldn’t be an issue. if you’re paying reduced fees and folks are verifying you CISSP or other certification maybe ISC2 could ask if you got the job a month later...
In cases of extraordinary hardship maybe we should have a reveiwed membership waiver in place.
Good Morning:
I am thinking about retiring as a 10 year CISSP. However, after reading the ISC2 requirements and this exchange, I am wondering, outside of having access to ISC2 meetings and materials, what good is the designation of CISSP Retired? What does one list on a resume regarding their 10 years of credentialed history if one wanted to take on part time Information Assurance and Security work after retiring? In addition, if I do take on part time work, what is the impact to my CISSP Retired credentialed standing?
Here is a different perspective. A standard four year college degree in Information Assurance requires 160 - 180 credit hours. Once completed, there is no requirement to continue your education to keep your degree status or list it on a resume. A 10 year CISSP will have put in 400 plus hours of continuing education after having passed the CISSP exam and apparently must continue to do so in order to list CISSP on their resume. This hardly seems fair or equitable to those of us who have paid our dues and kept in good standing for 10 years or more.
Another thought moving forward is that the CompTIA Advanced Security Practitioner (CASP) exam costs $379.00, the annual fee is $49.00 and the required CEUs are 75 for a three year period. The DoD has been accepting the CASP certification for meeting the 8570.01 IAT-3 requirement. If ISC2 is not careful in dealing with this issue, more people will elect to go with the CASP certification.
I am not sure what if anything I can list on my resume if I want to take part time work without violating the rules for being a retired CISSP. ISC2 should allow those of us who qualify to retire in good standing after 10 years to list it on our resume as such and not penalize us should we decide to take on consulting or part time work so long as we do not state that our CISSP is current.
Finally, it would be very helpful if an official representative from ISC2 would address these concerns.
Respectfully;
Mark Khan
CISSP (for now)
> Batman-15 (Viewer) posted a new reply in Career on 01-07-2020 12:29 PM
> Good Morning: I am thinking about retiring as a 10 year CISSP. However, after
> reading the ISC2 requirements and this exchange, I am wondering, outside of
> having access to ISC2 meetings and materials, what good is the designation of
> CISSP Retired?
The advantage, for ISC2, is that it ensures you have paid up all you AMFs, and it gives them an extra $100.
Oh, the advantage for you, you mean? Hmmmm. Tough one. I simply stopped paying ...
@Batman-15A colleague of my own in New Zealand has done the same thing. He has retired, but he carries on attending ISC2 chapter meetings and he shows the CISSP Retired designation on his e-mail signature. He even has his own business cards printed, indicating CISSP Retired, so he is being up front. However, he still goes out and consults and provides advice for a couple of days a week to keep the brain going. As he stated to keep it in learning mode, rather than going into a fixed mode, where the synapses are no longer challenged and firing and learning - which is exactly what the brain needs to keep it active.
He has been upfront, but he uses his experience, and he actively participates locally, and still a valuable asset to the community and the area he has retired too.
The advantage from his perspective, is he still has access to courses, especially short courses and this keeps his skills up, and access to research and knowledge as a member.
As we have seen in 2020 already, the world is moving so far, it is important to keep up to date or one quickly falls behind with the speed and agility of changes and the associated understanding of its implications.
Does other examination bodies provide same opportunities and access to membership courses even though they are short, keeps you up to date and relevant?
My own thoughts, given the fundamental issues we are facing right now with AI, Data, digital IDs and self Sovereignty, IoT, IIoT, OT and communications connectivity issues at speeds with devices being interconnected and along with this the issue of Deep fakes - many cannot tell the difference between what is real or what is no real - and now Forbes is stating that one needs to be a Home CISO in your own home to keep up with issues coming at us. It is important to keep in contact, via the community, by association and with access to learning material so you can keep relevant.
Regards
Caute_cautim
@Batman-15 wrote:...
Here is a different perspective. A standard four year college degree in Information Assurance requires 160 - 180 credit hours. Once completed, there is no requirement to continue your education to keep your degree status or list it on a resume. A 10 year CISSP will have put in 400 plus hours of continuing education after having passed the CISSP exam and apparently must continue to do so in order to list CISSP on their resume. This hardly seems fair or equitable to those of us who have paid our dues and kept in good standing for 10 years or more.
Mark,
Degrees and certifications are widely understood as different types of credentials. Showing you have a degree (or certificate of training) is a sign you completed a specific program successfully. There is no indication of experience or currency in the degree; that assurance would come from your subsequent work experience and other training. Showing you hold a particular certification is an indication you are currently capable in a specific skill set. The aspect of currency is critical, whether in medicine or automotive repair or cybersecurity.
This is the very reason that the US Defense Department set up the 8570 (now 8140) requirements to use approved certifications and ignored any degree requirements.
@Batman-15 wrote:Good Morning:
...
What does one list on a resume regarding their 10 years of credentialed history if one wanted to take on part time Information Assurance and Security work after retiring?
...
I am not sure what if anything I can list on my resume if I want to take part time work without violating the rules for being a retired CISSP. ISC2 should allow those of us who qualify to retire in good standing after 10 years to list it on our resume as such and not penalize us should we decide to take on consulting or part time work so long as we do not state that our CISSP is current.
As I indicated in my post to start this thread, when the time comes I an considering phrasing along the lines of
Professionally certified in infosec [or cybersecurity], 2002 - 2021
Craig