CraginS
Defender I

Retired CISSP - Problematic Requirement

Last year I retired from active full time employment, but continue to stay current in the field, try to contribute where I can, and accept a small stipend for assisting a university in academic efforts in cybersecurity.

 

The distressingly steep increase in AMF costs just announced has me considering a change to CISSP - Retired status at the end of my current three-year certification period, on October 31, 2020.

 

However, one of the requirements for CISSP Retired status is the following:

  • No longer practicing or employed as an information security professional (including consulting, private and public sector work)

The phrase "practicing or employed" leads me to interpret the requirement so I cannot even advise students in cybersecurity work, whether paid or not, and hold the status of CISSP Retired.

 

As I read the (ISC)2 statement on use of the trademarked term CISSP, it appears that once I am neither CISSP nor CISSP Retired I am not allowed to use statements such as former CISSP, 2002-2020.

 

This is a disturbing situation.

For now, it appears that after 10/31/2020 my only option is to declare, "previously professionally certified in information security, 2002-2020."

 

Others' thoughts, especially @rslade and @Caute_cautim, on my interpretation and the situation?

 

 

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
13 Replies
Batman-15
Viewer II

Good morning:

I understand your point about the difference between a college degree and a certification. In the past, a 4-year degree carried a lot of weight when applying for a job. In some cases, you could simply have a music degree and still get hired to be a CIO of a company (Equifax). Times have changed. You have to balance everything equally. Someone who just graduates college with a computer security degree does not outweigh a person with 10 years' experience as a CISSP.

My issue is that listing a degree on your resume helps you meet employment requirements for the rest of your life! You don't even have to continue to meet educational requirements like CISSPs do (BIG DIFFERENCE). However, if you want to retire as a CISSP, ISC2 says you can list it on your resume, but you can't work anymore in ANY security field. This is unfair to those of us who, after retiring, may want to do consulting or part time security work. I believe that as long as we are upfront and indicate that we are a "retired" CISSP, we should be allowed to consult or accept employment without fear of penalty or compromising our standing with ISC2.

 

 

scobb
Viewer III

I know this thread goes back a few years, but I was wondering if there have been any developments in the official position on retired CISSPs? I think @CraginS raised some interesting points.

 

My own situation is a bit different. I'm not employed in information security these days, although I did recently conduct an online seminar on scam avoidance and response for carers/caregivers (pro bono, and an interesting area TBH - how to react if you're looking after someone and they fall for a phishing message, can't hear well enough to talk to their bank, and forgot their security secret, etc.).  

 

My CISSP is still current, but when it runs out in 2023 I may not feel the need to renew it. If I don't renew, then I may find myself occasionally using the words "former CISSP" but not in the context of applying for jobs/contracts. I can't think of any valid objections to that but was wondering if anyone had been challenged for using those words.

 

Cheers ... Stephen

https://www.linkedin.com/in/stephencobb/

 

CraginS
Defender I

Stephen @scobb said, "If I don't renew, then I may find myself occasionally using the words "former CISSP" but not in the context of applying for jobs/contracts. I can't think of any valid objections to that but was wondering if anyone had been challenged for using those words."

 

Stephen,

I don't know if anyone has actually been chastised for using that phrase. To avoid any hassle, as of last fall I started using phrasing like, formerly "certified in information systems security by (ISC)2..."

 

Good luck. I wonder if anyone will answer your questions.

 

Craig

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
RRoach
Contributor I

Interesting post.  I have maintained my CISSP since 2008.

Read through the comments and am thinking along the lines of what possible benefits is it to maintain a certification when retired. Not a fan of "retired" status. Almost seems like why bother and be done with it.

 

1. Can you use your previous work history/education in your university/course bio that would not need additional mention of CISSP to communicate you know your stuff?

2. Are there "free" associations like Infragard you can add to your credentials (to beef up the bio)?

 

Otherwise maybe I would consider maintaining it for the purposes of:

1. Paid engagements (e.g. consulting work)

2. Access to website content 

 

Congrats on the retirement.