cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Advocate I

Retired CISSP - Problematic Requirement

Last year I retired from active full time employment, but continue to stay current in the field, try to contribute where I can, and accept a small stipend for assisting a university in academic efforts in cybersecurity.

 

The distressingly steep in increase in AMF costs just announced has me considering a change to CISSP - Retired status at the end of my current three-year certification period, on October 31, 2020.

 

However, one of the requirements for CISSP Retired status is the following:

  • No longer practicing or employed as an information security professional (including consulting, private and public sector work)

The phrase "practicing or employed" leads me to interpret the requirement so I cannot even advise students in cybersecurity work, whether paid or not, and hold the status of CISSP Retired.

 

As I read the (ISC)2 statement on use of the trademarked term CISSP, it appears that once I am neither CISSP nor CISSP Retired I am not allowed to to use statements such as former CISSP, 2002-2020.

 

This is a disturbing situation.

For now, it appears that after 10/31/2020 my only option is to declare, "previously professionally certified in information security, 2002-2020."

 

Others thoughts, especially @rslade and @Caute_cautim,  on my interpretation and the situation?

 

 

 

 

 

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
My Community Profile
My LinkedIn Profile
5 Replies
Newcomer III

Re: Retired CISSP - Problematic Requirement

I do not think that teaching/mentoring even in an official capacity at a college/university would prevent you from being able to use the retired status.

Community Champion

Re: CraginS mentioned you in (ISC)² Community

> CraginS (Advocate I) mentioned you in a post! Join the conversation below:

> Last year I retired from active full time employment, but continue to stay
> current in the field, try to contribute where I can, and accept a small stipend
> for assisting a university in academic efforts in cybersecurity.   The
> distressingly steep in increase in AMF costs just announced has me considering a
> change to CISSP - Retired status at the end of my current three-year
> certification period, on October 31, 2020.   However, one of the requirements
> for CISSP Retired status is the following: No longer practicing or employed as
> an information security professional (including consulting, private and public
> sector work) The phrase "practicing or employed" leads me to interpret the
> requirement so I cannot even advise students in cybersecurity work, whether paid
> or not, and hold the status of CISSP Retired.

Huh. Interesting point. About employment, anyway.

"Practicing" usually means paid. I suspect that the "practicing" is just in there to
cover contractors and such who are not employees. I advise people, usually
candidates for the exam, but I don't get paid for it, so I would definitely say I'm
not practicing. You might be sailing close to the wind with the stipend, but I'd say
it fits in with pretty much the run of the mill as far as "retired" status in most
fields.

(However, I'd go with the code of ethics on it, and say that the minor violation of
contractual wording was more than overcome by the benefits to the profession,
and to society.)

ISC2 might want to revisit the wording of that section of the retired status. (It's
looking less and less useful the more I hear of it.)

>   As I read the (ISC)2 statement
> on use of the trademarked term CISSP, it appears that once I am neither CISSP
> nor CISSP Retired I am not allowed to to use statements such as former CISSP,
> 2002-2020.   This is a disturbing situation. For now, it appears that after
> 10/31/2020 my only option is to declare, "previously professionally certified in
> information security, 2002-2020."

I'd say that, as long as you don't claim a current CISSP, you can still use those
letters somewhere in your CV without running too far afoul of trademark law.
Legal cases are always iffy, but lots of people use those letters in lots of articles in
the press every single day and don't get sued by ISC2. They'd have a hard time in
court as long as you only say what is true.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
The Internet may promise to improve the way we educate and learn,
but so did early television. TV technology has instead reduced
our attention spans, reduced intellectual conversations to sound
bits, and left us with the impression that in order to be
informed, we must first be entertained. - Lew Platt, of HP
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Community Champion

Re: CraginS mentioned you in (ISC)² Community

@CraginSTechnically you are still contributing to the community and therefore you have not formally retired, from my perspective of the situation.   Given the world is calling out for more experienced security practitioners by 2020 approximately 1.5 million shortage is forecast.  

 

I would hasten to forecast even from where I reside in New Zealand, that many professionals continue to the ripe old age of 70 years old, which is often the case.

 

It would appear by contributing to the University or even teaching would earn you CPE's and technically you contributing to the profession and the community as a whole. 

 

I have a colleague who went into formal retirement this year, yet technically he is still contributing to the community and earning CPE's and has not as yet formally retired from ISC(2) - currently he is visiting other ISC(2) groups and supporting them and encouraging them due to the lack of CISSP certified professionals in the area he is visiting etc.

 

I think once again this is another area, which out of step with reality, which those of us in the private sector, see every day and appreciate the dilemma that many organisations have at present.

 

Regards

 

Caute_cautim

Community Champion

Re: CraginS mentioned you in (ISC)² Community

Personally I think the CISSP retired is just the wrong solution to the issue of security professionals who may be on a reduced income because of retirement and it doesn’t address study, time off for illness disability, family etc.

 

It’s also age discriminatory, and I’d figure retired folks would like to keep up and keep submitting CEUs etc. Unless of course they are loaded an spending all their time in Vegas and Swimming with the dolphins - and then they can probably well afford the membership fees.

 

Mf feeling is that for folks who can demonstrate a low income is that membership fees should be lowered to perhaps 30-50 USD per annum(self certified code of ethics applies, honour bar etc). Most of us are down with the cooperation side of prisoners dilemma in any case so properly audited it wouldn’t be an issue. if you’re paying reduced fees and folks are verifying you CISSP or other certification maybe ISC2 could ask if you got the job a month later...

 

In cases of extraordinary hardship maybe we should have a reveiwed membership waiver in place.

Community Champion

Re: Retired CISSP Problematic Requirement

> Early_Adopter (Advocate I) posted a new reply in Career on 01-27-2019 08:36 AM

> Personally I think the CISSP retired is just the wrong solution to the issue of
> security professionals who may be on a reduced income because of retirement and
> it doesn’t address study, time off for illness disability, family etc.  
> It’s also age discriminatory, and I’d figure retired folks would like to
> keep up and keep submitting CEUs etc. Unless of course they are loaded an
> spending all their time in Vegas and Swimming with the dolphins - and then they
> can probably well afford the membership fees.   Mf feeling is that for folks
> who can demonstrate a low income is that membership fees should be lowered to
> perhaps 30-50 USD per annum(self certified code of ethics applies, honour bar
> etc).

I'd be down with that: I could probably get a rebate on most of my AMFs for the
past couple of decades ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
[He] had met decent men and fools and people who'd steal a penny
from a blind beggar and people who performed silent miracles or
desperate crimes every day behind the grubby windows of little
houses, but he'd never met The People - Night Watch, Terry Pratchett
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468