I appreciate your comment, but would like to express that my intention was that the time and effort to gain the experience and knowledge to pass the CISSP is equivalent. Not simply taking the test.
Thank you for your service in the military.
Given that thought. Nearly any course of study would then be the equivalent of an MBA. The PMP would be a much closer comparison than the CISSP. Given this many, many more career field certifications such as CPA, PE and Series 9 would also be comparable to an MBA. Series 9 and the CPA would be better examples than the PE.
If we expanded the CISSP to include more business skill, which is desperately needed in security, I would be more sympathetic. Today, as it stands, not so much.
p.s. My only regret in life was leaving the military too early but I served for the right reasons not to be thanked like we constantly do today.
I think unfortunately the news article and the blog were out of synch. And the news article DID NOT refer to the blog. Had they been tied together in some fashion (even here on the Community) there might not be as much angst about this as there seems to be. And yes I know reporters sometimes mis-quote, exaggerate, etc. and sometimes leave out key comments.
Here is another take on this:
Bob Covello's thoughtful reply and recognition of the topic was spot on and reflects many the same talking points I myself and others have said for years, particularly that of being a practice. You are never done studying, learning or transferring knowledge to others. Certification, no offense has become controversial only in the practice of hiring under qualified but certified individuals over the years when the labor market was tight for this field. If you practiced security or InfoSec back before anyone cared about the field you know what I am referring. If not and you think the sky is the limit, think again. Been through market ups and downs before, this too shall pass, if it hasn't already.
Also, happy to see the ISC(2) take a good hard, measured look at what was stated by the UK governance board and how it applies here in the real world to real practitioners. Hopefully we can head off a rush of new candidates looking for fulfill their "Master's degrees" aspirations by completing a single exam. The two cannot be equated.
Happy security practice!
Still trying to wrap my head around what this actually means.
I think mostly it means that, in the UK, and eventually the EU, and, over time, increasingly in the US, salaries for jobs requiring a CISSP will approximate salaries for jobs requiring a Masters.
(Which may come to mean that fewer jobs will require a CISSP.)
I was going to write a response to what Cragin Shelton had written but he really did a great job in summarizing what my issue was with the CPE requirement hurdles and the (IMO) draconian measures that ISC2 has in restricting this hard won certification. I am currently employed and use my CISSP knowledge every day and have to take training on new tools and initiatives to stay current and provide the expected service to my employer. I stayed current with my dues and tried to keep up with CPE credits but could not. I will retire in the next few years and a "CISSP (Retired)" tagline would be great as I would like to provide help to the community in CyberSecurity as this help is greatly needed as the "arms race" continues to evolve. Could ISC2 respond to this thread, please?
You bring up some interesting points but don't list any remedy to your complaints. Can you expand on how you would rectify the program as you see? I am very much interested in the discussion.
Has anyone noticed that higher degrees in many fields don't necessarily result in higher salaries? I started out in IT in very early 90s with colleagues who has first class honours degrees, MSCs and even doctorates. Because employers knew we were keen to get on in our careers and gain work experience we were paid below market rate. A masters can take 2 or 3 years by distance learning, whilst you can bag the CISSP with a weeks study. You read maybe 30-50 text books and numerous case studies for a masters; the CISSP was 3 books and 7 days study. You write assignments, take many exams and a thesis for a master and do a multiple choice test for a CISSP. Draw your own conclusions on which takes the greater commitment.