"It seems as though you are arguing for completely removing the experience requirement and making it a knowledge-only exam for the sake of refreshing the ranks."
Now let’s be intellectually honest here… I never stated that I am in favor of eliminating the experience requirement. In fact, you can take from my statement that I very well value experience. You can also view my YOUTUBE where I explicitly tout the value of my experience, and the value of experienced professionals. Why would I talk negatively of the biggest value that I bring to the table myself?
We may not mirror each other’s view point, but we do, by and large, agree as a matter of principle. I am not hostile to the younger professionals – I don’t have a dog in the fighting across the generations. I wish us all well. Those inexperienced CISSPs are no threat to my prosperity because experienced senior managers have to know that they get what they pay for. Now, that’s not to say that there aren’t young information security prodigies out there… there are. And when they are found, companies will do well to harness that knowledge base.
Thank you for explaining your position. I was having trouble understanding what you were getting at with your comments.
If what some detractors of ISC2 are saying that the exam is being “watered down” then that’s bad news for me and you, and anyone else who contemplates the rigors of this journey. The requirements won’t be so rigorous, thus the certification itself won’t be as valuable. I have started my talks in these forums declaring that I have no interest in this certification becoming a breeze for anyone.
My experience again with this test is that it passes those information security professionals who can think critically. You will not find similar questions on the actual exam (from my experience) from practice tests on the real exam. One’s experience in information security comes out in how one reads the question and effectively apply security concepts. I think that ISC2 is doing an excellent job there. I doubt if anyone just studied a bunch of practice questions, having no experience or critical thinking skills, and successfully passed this test. The amount of whiners that you encounter (though annoying) is actually reassurance that ISC2 is protecting our interest and the integrity of this certification.
I am not sure what brought you to the conclusion that I am arguing to completely remove the experience requirements and making it a knowledge-only exam to refresh the ranks; but I will play along. I actually feel that having the experience is what separates those who have a better understanding of the concepts than possibly those just looking for all the answers in this book or that book. The topic of "Then Why Bother" I feel brings to light a question that is bringing nothing new to the table, but rather highlighting what most us have known for years; ROI. The prerequisites, the prior knowledge, and the actual work experience all play a part in passing the exam. To detract or lower the standards would be a disservice not only to the industry but to all those who sacrificed to attain the certification. As you have stated, there are other certifications which serve the purpose of showing ones knowledge and skill level yet are more technical in nature. Those you mentioned (Security+, CASP, and others) are meant as steps to advance one in not just the technical aspects but to also begin the processes of understanding concepts. One typically learns to crawl before they walk, thus the same concept may be applied to learning. I agree with you in that one does not develop skills from a study guide, however one does not always develop leadership skills by being placed in a position of leadership without the knowledge gained from reading resource materials either. The "Art of War" comes to mind in this situation. Many of the worlds leaders have read it, learned, and understand the concepts yet fail to be able to execute those concepts. If one takes the time to learn the concepts of the materials and the different domains then the question "Then Why Bother" becomes more apparent.
I again state that I agree with you and enjoyed your engaging thoughts.
Again, we are in agreement. I would not believe that anyone who has sweated the exam and passed would like to have the exam watered down just to increase the numbers. I have individuals here that have taken the exam multiple times and failed and yes most of them are angry with the way the exam is written, the time constraints, the cost (most get vouchers), and any other excuse that comes to mind. Let us just be real for a minute. A lot of the issue is having to go back to the work environment and tell all the individuals they work with that they did not pass the exam. Did they actually study, or did they spend most of their time on Facebook or tweeting? They have whine; I have cheese and crackers for them.