A colleague of mine at work asked me why I am always studying as though I am preparing to take another exam. However, I think that one of the worst things that we can do as security professionals is to pass the CISSP or other high-level security exam and study less thereafter. I think that we should hit the books harder AFTER we have been successful passing the CISSP. What makes a ‘paper’ CISSP or other security professional is that lack of follow through. The CISSP, at least, is an exam that one should treat like a PhD or any other terminal degree. Your body of work isn’t complete just because you have that certification framed, in fact, your journey has only begun. The security bodies of knowledge are forever changing, and we must be prepared to meet those challenges of tomorrow.
Lamont @Lamont29 has given the core reason we need to be serious about the requirement for ongoing Continuing Professional EDUCATION. Perfect. Thank you.
This logic is also why I have a personal objection to allowing volunteer work in running an (ISC)2, ISSA, or INCOSE chapter to count as CPE. This practice smells more like a bribe to help maintain chapters than actual education.
Returning to the main point, yes, ,to deserve the label of professional in our field, we all do need to stay on top of rapidly changing and expanding world. As for the commitment of a CISSP as analogous to a PhD, yes, earning a research doctorate simply says, 'OK, now you actually know how to conduct research. Now go forth and do more."
Lifelong learning is a hallmark of a successful IT worker. Like your HS degree, your first bachelors and beyond, your certification initiates a new beginning. They offer a personnel and professional challenges that are milestones for each of us, though they are not an end. The broad base of the CISSP certification being that inch deep, mile wide amount of knowledge is an emphasis how how much there is to know and keep up with. The world is dynamic and it takes the philosophy of being a continuous learner just to keep in place with ourselves competent.
Enjoy the path you have chosen or that you may find has chosen you through your interests and abilities. You have achieved much and there is much more that will beacon you on this journey.
Daniel Nash, MS A, MS IT, BS, BS, CISSP, A+, Network+, I-net+, Linux+, Project+, Security+, LPIC-1, MCP, M CIW A, M CIW D, M CIW M, CIW Security Analyst, CIW Database, CCNA, Sitecore Professional Developer, SAFe Agile, ....
> Daniel-Nash1 (Newcomer II) posted a new reply in Certifications on 10-09-2018
> Lifelong learning is a hallmark of a successful IT worker.
One of the reasons I like security so much is that it demands you keep up, and, no matter what you learn, it seems to have a bearing on security at some point.
> Daniel Nash, MS
> A, MS IT, BS, BS, CISSP, A+, Network+, I-net+, Linux+, Project+, Security+,
> LPIC-1, MCP, M CIW A, M CIW D, M CIW M, CIW Security Analyst, CIW Database,
> CCNA, Sitecore Professional Developer, SAFe Agile, ....
...although I'm willing to concede that principle may have some limitations ...
"This logic is also why I have a personal objection to allowing volunteer work in running an (ISC)2, ISSA, or INCOSE chapter to count as CPE. This practice smells more like a bribe to help maintain chapters than actual education."
Sorry, I disagree with this.
This is about providing leadership, something we need both in our jobs and in the larger infosec community. ISACA also provides CPEs for their certs if you are a chapter leader. No one should look at CPEs as "bribery", but sadly, we have many people, who because they aren't doing the activities they should to get CPEs, that sometimes you need to use a carrot/stick method.
As a professional educator, I tell my students "learning is lifelong and your education is something that no one can take away from you!"
Warren Mack, Ph.D., CISSP
@CraginS Sorry I disagree with you on earning CPEs for running a chapter, et al. I don't see it as a bribe but rather an opportunity help develop skills other than Security (which I believe have been targeted as Group B). Running a chapter, etc., allows one to develop soft skills such as budgeting, coordination, presentation skills, working with external sources to arrange meetings, etc. which as all professionals we should be doing. So I see no problem with allowing up to 10 CPEs a year for something like this.
Also participating in the meetings themselves can aid one with interpersonal skills (also soft skills) but provide a venue to learn about new methods of working or new technologies.
I have been learning new things since the day I entered Security (one of the reasons, I like being in Security)...it challenges me daily.
> dcontesti (Newcomer III) posted a new reply in Certifications on 11-02-2018 06:22 PM in the (ISC)Â² Community :
> @CraginS Sorry I disagree with you
Fight! Fight! :-)
> I don't see it as a bribe but rather an opportunity help develop
> skills other than Security (which I believe have been targeted as Group
I'm on Diana's side. Security management is a big part of security, and, if you aren't a manager, helping out with a chapter is a big opportunity to learn. (If you *are* a manager, helping out with a chapter is a good opportunity to learn a different environment. Always valuable.)
We have some supporting experience of this in the Vancouver Chapter. A few years ago we started encouraging our student members to help out in the executive. (Not just token jobs, either: real positions.) We got great benefit from their energy, but they also got terrific experience (and contacts). So much so that at least one college now considers being on our exec to be valid "work experience" in support of their academic program.
> I have been learning new
> things since the day I entered Security (one of the reasons, I like being in
> Security)...it challenges me daily.
Amen and amen.
====================== (quote inserted randomly by Pegasus Mailer)
email@example.com firstname.lastname@example.org email@example.com
A man thinks that by mouthing hard words he understands hard
things. - Herman Melville