I understand your point about the difference between a college degree and a certification. In the past, a 4 year degree carried a lot of weight when applying for a job. In some cases, you could simply have a music degree and still get hired to be a CIO of a company (Equifax). Times have changed. You have to balance everything equally. Someone who just graduates college with a computer security degree does not outweigh a person with 10 years experience as a CISSP.
My issue is that listing a degree on your resume helps you meet employment requirements for the rest of your life! You don't even have to continue to meet educational requirements like CISSPs do (BIG DIFFERENCE). However, if you want to retire as a CISSP, ISC2 says you can list it on your resume, but you can't work anymore in ANY security field. This is unfair to those of us who, after retiring, may want to do consulting or part time security work. I believe that as long as we are upfront and indicate that we are a "retired" CISSP, we should be allowed to consult or accept employment without fear of penalty or compromising our standing with ISC2.
I know this thread goes back a few years, but I was wondering if there have been any developments in the official position on retired CISSPs? I think @CraginS raised some interesting points.
My own situation is a bit different. I'm not employed in information security these days, although I did recently conduct an online seminar on scam avoidance and response for carers/caregivers (pro bono, and an interesting area TBH - how to react if you're looking after someone and they fall for a phishing message, can't hear well enough to talk to their bank, and forgot their security secret, etc.).
My CISSP is still current, but when it runs out in 2023 I may not feel the need to renew it. If I don't renew, then I may find myself occasionally using the words "former CISSP" but not in the context of apply for jobs/contracts. I can't think of any valid objections to that but was wondering if anyone had been challenged for using those words .
Cheers ... Stephen
Stephen @scobb said, "If I don't renew, then I may find myself occasionally using the words "former CISSP" but not in the context of apply for jobs/contracts. I can't think of any valid objections to that but was wondering if anyone had been challenged for using those words ."
I don't know if anyone has actually been chastised for using that phrase. To avoid any hassle, as of last fall I started using phrasing like, formerly "certified in information systems security by (ISC)2..."
Good luck. I wonder if anyone will answer your questions.
Interesting post. I have maintained my CISSP since 2008.
Read through the comments and am thinking along the lines of what possible benefits
is it to maintain a certification when retired. Not a fan of "retired" status. Almost seems like why bother and be done with it.
1. Can you use your previous work history/education in your university/course bio that would not need need additional mention of CISSP to communicate you know your stuff?
2. Are there "free" associations like Infragard you can add to your credentials (to beef up the bio)?
Otherwise maybe I would consider maintaining it for the purposes of:
1. Paid engagements (e.g. consulting work)
2. Access to website content
Congrats on the retirement.