Thanks Bill. Yes, I have a picture of the stack of the documents... it was intimidating to say the least. I took an incremental approach where I studied for the CAP to get the NIST RMF and the core NIST docs and FIPS off the table. Then I studied for FITSI's (federal IT security institute) FITSP-Manager and FITSP-Auditor exams. These further chipped away at OMB circulars, memoranda etc. That left me with 3 of the 4 domains to focus on for the ISSEP. Susan Hansche's 2005 brilliantly detailed tome still has a lot of value. Especially the section that explains the ISSE activities and the IATF. I paid out of pocket for the official training just because I wanted the 'updated' ISC2 material. Kate Jackson did a fantastic job delivering the content over several weeks to remote attendees.
If anyone is thinking about taking the ISSEP, I would wait until ISC2 puts out the updated version in September 2018. It is my understanding it will be less DoD/IC-centric and more focused on alignment with Systems Engineering out of NIST SP 800-160, the INCOSE body of knowledge, and ISO/IEC/IEEE 15288. According to https://www.isc2.org/Certifications/CISSP-ISSEP/Domain-Refresh-FAQ , there are other changes planned for this concentration.
Kudos to you guys for wading through all that and passing the test!
Thanks, but I didn't study. It just actually was my job for several years before I sat for the test.
It really depends on how you feel about it. Given the field you're in, your CPA designation (for sure) and the balance of your certifications are relevant. I've collected a bunch and added the string of alphabet soup to my business card. It has been an icebreaker on many occasions that ended in the other person and me laughing. "I had a federal contract recompete in 2014 that required a CISSP... I got a little carried away"
You worked hard for your designation and your certs. Sure, having a certification doesn't mean you're an expert but it does demonstrate you had a desire to benchmark your knowledge against against a standard recognized in your industry.
> Knarfster (Viewer) posted a new reply in Career on 10-10-2018 07:37 PM in the
> What is the groups opinion on listing Certifications after your name? How many
> is too many? I could list CPA, CISSP, CISA, CISM, CIA and I work in the InfoSec,
> Risk and Compliance.
There's another discussion/topic/thread that covered this at length:
1) This probably isn't the place to get jobs, and nobody else is impressed.
2) Us real old dinosaurs are particularly unimpressed. We tend to figure out pretty
fast what you know (from what you say), and, knowing the convoluted paths that
*we* took to get here, we know it's mostly a matter of accident how you got here.
(If you got here.)
3) There's always the danger that a cert is going to trigger people the wrong way.
(Not the way you intended.) For example, I know a great many people who, if
they saw an MCSE on a resume, automatically round-filed it.
4) And then, a lot of people think that a string of certs after your name is
overcompensation (and start wondering what for ...)
Why not ask Daniel?
====================== (quote inserted randomly by Pegasus Mailer)
firstname.lastname@example.org email@example.com firstname.lastname@example.org
Ah, this is obviously some strange use of the word `safe' that I
wasn't previously aware of.
Arthur Dent in `The Hitchhiker's Guide to the Galaxy', Douglas Adams
Knarfster, welcome to the forum and yes, it is an appropriate question (especially for a board hosted by a certification organization). I want to thank Rslade for the two links in his post. It certainly shows the wide range of opinions on listing certs and is important insight into the culture of this particular board. Given the amount of time it takes to study for most certifications, anyone who is using it to establish they are an expert is setting themselves up for a backlash.
Listing certifications somewhere on your linkedin profile will probably get you more profile views and inmail job offers (mine certainly did vs before I picked up my first cert in 2014). Interacting with your network (on and offline) is what will help you establish valuable lasting connections. Some people at my workplace and in my network have commented on how I inspired them to study for a cert. I don't really see the downside there.
Certs in my experience, are simply gamification of learning and, like the geek code of the early 90's, it tells people a little bit about things you've focused on when you hit the books after a full day or work.
I was excited to see another member who has at least dipped a toe in the SABSA world. I've seen heated exchanges on linkedin in the education vs experience vs certification arguments... I don't really understand the vitriol (or the vs). Enjoy Star Trek and Star Wars. Seriously, while people shouldn't brag about certs or claim expertise that certs do not support, I'll choose a lifelong learner who is passionate about the domain given the choice between two similar candidates.
Curmudgeons like Rob, I and others often reply "tongue in cheek" in our attempt at humor (or humour in Rob's case - ;-) )
The only questions that may tend to be inappropriate are the questions no one asks -- even if a question has been asked or answered, there is often a new take on it.
Besides, we curmudgeons are now old Dotards! It helps us immensely to answer such questions so we can remember the answers or invent new answers as the case may be.
Congratulations on your achievements, and best wishes on your continued successes.