Retired CISSP - Problematic Requirement - Page 2

CraginS · ‎01-26-2019

Last year I retired from active full time employment, but continue to stay current in the field, try to contribute where I can, and accept a small stipend for assisting a university in academic efforts in cybersecurity.

The distressingly steep in increase in AMF costs just announced has me considering a change to CISSP - Retired status at the end of my current three-year certification period, on October 31, 2020.

However, one of the requirements for CISSP Retired status is the following:

No longer practicing or employed as an information security professional (including consulting, private and public sector work)

The phrase "practicing or employed" leads me to interpret the requirement so I cannot even advise students in cybersecurity work, whether paid or not, and hold the status of CISSP Retired.

As I read the (ISC)2 statement on use of the trademarked term CISSP, it appears that once I am neither CISSP nor CISSP Retired I am not allowed to to use statements such as former CISSP, 2002-2020.

This is a disturbing situation.

For now, it appears that after 10/31/2020 my only option is to declare, "previously professionally certified in information security, 2002-2020."

Others thoughts, especially @rslade and @Caute_cautim, on my interpretation and the situation?

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts

Batman-15 · ‎01-10-2020

Good morning:

I understand your point about the difference between a college degree and a certification. In the past, a 4 year degree carried a lot of weight when applying for a job. In some cases, you could simply have a music degree and still get hired to be a CIO of a company (Equifax). Times have changed. You have to balance everything equally. Someone who just graduates college with a computer security degree does not outweigh a person with 10 years experience as a CISSP.

My issue is that listing a degree on your resume helps you meet employment requirements for the rest of your life! You don't even have to continue to meet educational requirements like CISSPs do (BIG DIFFERENCE). However, if you want to retire as a CISSP, ISC2 says you can list it on your resume, but you can't work anymore in ANY security field. This is unfair to those of us who, after retiring, may want to do consulting or part time security work. I believe that as long as we are upfront and indicate that we are a "retired" CISSP, we should be allowed to consult or accept employment without fear of penalty or compromising our standing with ISC2.

scobb · ‎08-30-2021

I know this thread goes back a few years, but I was wondering if there have been any developments in the official position on retired CISSPs? I think @CraginS raised some interesting points.

My own situation is a bit different. I'm not employed in information security these days, although I did recently conduct an online seminar on scam avoidance and response for carers/caregivers (pro bono, and an interesting area TBH - how to react if you're looking after someone and they fall for a phishing message, can't hear well enough to talk to their bank, and forgot their security secret, etc.).

My CISSP is still current, but when it runs out in 2023 I may not feel the need to renew it. If I don't renew, then I may find myself occasionally using the words "former CISSP" but not in the context of apply for jobs/contracts. I can't think of any valid objections to that but was wondering if anyone had been challenged for using those words .

Cheers ... Stephen

https://www.linkedin.com/in/stephencobb/

CraginS · ‎08-30-2021

Stephen @scobb said, "If I don't renew, then I may find myself occasionally using the words "former CISSP" but not in the context of apply for jobs/contracts. I can't think of any valid objections to that but was wondering if anyone had been challenged for using those words ."

Stephen,

I don't know if anyone has actually been chastised for using that phrase. To avoid any hassle, as of last fall I started using phrasing like, formerly "certified in information systems security by (ISC)2..."

Good luck. I wonder if anyone will answer your questions.

Craig

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts

RRoach · ‎09-01-2021

Interesting post. I have maintained my CISSP since 2008.

Read through the comments and am thinking along the lines of what possible benefits

is it to maintain a certification when retired. Not a fan of "retired" status. Almost seems like why bother and be done with it.

1. Can you use your previous work history/education in your university/course bio that would not need need additional mention of CISSP to communicate you know your stuff?

2. Are there "free" associations like Infragard you can add to your credentials (to beef up the bio)?

Otherwise maybe I would consider maintaining it for the purposes of:

1. Paid engagements (e.g. consulting work)

2. Access to website content

Congrats on the retirement.

AndreaMoore · ‎12-13-2022

(ISC)² Retired Status is now officially (ISC)² Emeritus Status.

The updated policy is located here titled “(ISC)² Emeritus Status Policy” https://www.isc2.org/Policies-Procedures/Member-Policies and is also available on the Member Resources page (behind member login).

The policy explains the process and requirements for obtaining Member Emeritus designation. If you have further questions that are not answered in the policy, you may email membersupport@isc2.org.

ISC2 Community Manager

AlecTrevelyan · ‎12-13-2022

@AndreaMoore @Kaity

Hi Andrea and Kaity,

Do you know if the Retired/Emeritus designation got/gets reported in the bi-annual member count?

I don't see it in there, but don't know if that's because it doesn't get reported or if it's because of some other reason?

Kaity · ‎12-13-2022

That's a great question @AlecTrevelyan! I will ask the folks preparing that (it typically comes out in March or April)!

anthonyl · ‎07-30-2024

many of us have the same issue, im struggling with the same now.