> conversely one passing themselves off as a deep
> authority on the strength of CISSP is not doing really
> doing the right thing
Unsure of the meaning of thre sequential carets in text - so I’ll plough on with more pontification from YT starting with an Interesting quote by an ex-British prime minister(I’ll leave you to infer which one):
“Being powerful is like being a lady... if you have to tell people you are, you aren't.” irrespective of of where you sit politically thais is very true.
One of of the things we do have to remember is that certifications(or degrees - or even the coveted ‘march and shoot’ medal)are not really ‘load-bearing’ , they are a useful short hand but can’t make up for a lack of experience, authenticity, (controlled)passion, good demeanour, critical thinking - the minute you use them in the wrong way (unalloyed appeal to authority) you’re going to start devaluing them.
The CISSP was always billed as “an inch deep and a mile wide” showing awareness of many disiplines - I think that exams are going to be easy or difficult based on someone’s knowledge, experience, congnitive horsepower, state of mind and how many times they’ve seen ‘Cool Hand Luke’.*
I’d say that there is a need for ISC2 keeping the confirmation needed consistent with the CBK and this in turn is driven by the needs of industry, I do think think a quota system should be implemented you meet the required level of competence or you don’t and there is a threshold of error in any exam, plus the exam is just a component of the certification. We need to try to bring people up to that level without dropping standards on the exam(ISC2 does that, so trust but verify there) or raising the bar artificially or selectively(we are not, and never should be in the business of excluding people).
If you think about the experience requirement for a CISSP(4-5 years) it’s really akin to having completed an apprenticeship and going from becoming a journeyman, a skilled craftsman(person) off to make their way in the world, but it’s probably not enough time to be a master craftsman - this requires much more, you should produce a masterwork and have peers review it(I don’t think it’s always practical to certify for mastery in novel and highly dynamic problem spaces).
*The last item may not be 100% accurate when determining someone’s comfort level against writing the CISSP exam...
The way that you describe the scenario is that your co-workers are not exposed to the type of work that would prepare them for the CISSP.
The original purpose of a minimum experience requirement was to ensure that the CISSP applicant could not only regurgitate the CBK, but also had the experience and maturity to apply it successfully.
In either case, it doesn’t sound like your co-workers are getting the opportunity to develop the experience they need and should probably start applying for other jobs where they can acquire that experience. You know like, career planning.
If the CISSP is a minimum requirement for them to stay employed (such as working for the U.S. federal government), they shame on them for not being prepared to take the exam when they first started. Employment certification requirements are baselines – that means that the employee should have held the knowledge and experience to pass the exam on day-one of employment, even if they had not yet actually sat for the exam.
I believe that certain certifications are so highly sought after that many are literally forsaking quality of life concerns to attain them. However with little understanding that one does not need to go to such extremes to pass the exam. They become so focused on reading all the material in different books and watching all the videos that they either do not know or understand that it is about knowing the concepts. The "why bother" is about enhancing ones abilities, and also ones knowledge. The frustration may also be that many fail to walk into the exam knowing that just memorizing a ton of questions and having no ides of concepts most likely will not help them. I try my best to instill in individuals who approach me with questions concerning the CISSP exam to stop trying to rush through studies as the do with their life and take time to actually learn or understand the concepts of the materials being presented. many tell me that they have heard it is nothing more than an English test. My response to that is; Well look things up. Expanding ones vocabulary is also a good thing as it will aid them in speaking with high level executives. Expanding ones horizons always come with a cost, and if as you have stated, the frustration is to great then yes maybe it would be better for some to seek another career path.