As I've been asked questions through different forums recently, I decided to write down my personal thoughts in long form here : https://www.linkedin.com/pulse/isc2-fees-price-being-professional-wim-remes/?published=t
I am not a board member, I do not speak for the board, I do not speak for the organization. Everybody is free to reach their own conclusion and decide accordingly. I just thought my perspective could be helpful to some.
Well thought out and good words, Wim ( @wimremes ). Thank you.
One point you make deserves discussion here: you said (ISC)2 does a poor job of communication. Actually, it does a TERRIBLE job of communicating.
The process for changing the rules and amounts for AMF should have been open in the lead up to a board vote, with the membership notified of financial situation, and what the board would be considering. As it happens I think the payments should have been in advance, not in arrears, all along. I never understood that part of our process. The need for an increase, and discussion on the necessary or advised level of increase would have been in open discussion among the membership prior to a board vote.
Agree with CraginS, there should have been member involvement not only with price increase but the decision to cut the exam time in half.
I mentioned to an ISC2 friend recently that I felt the past few years ISC2 is focused too much on revenue. Case in point:
1. Cut exam in half making it more palatable for people to approach the exam - more people taking the exam is more revenue.
2. I've noticed many articles the past few years where ISC2 is teaming with education providers to create the myth that there is an enormous shortage of qualified people for security jobs. By enticing people about the huge number of opportunities more revenue is realized.
3. I've been receiving a lot of spam the past few years from ISC2 about hundreds of cost savings for things I'll never use. The emails are identical to AAA discounts, AARP, and every other association. I'm not a CISSP seeking to get discounts for merchandise. How much revenue is realized by this marketing partnership?
4. Raising our rate 50% while describing all the benefits we can utilize. What if we don't want to use them? We're again paying. What revenue is realized by partnerships? Also, it's mentioned conferences like Congress are a benefit. I've worked on the financing for conferences and if they are smart they always make a profit. So we shouldn't need to raise the rates if conferences make a profit.
We need transparency and stop cheapening the certification with every marketing scheme tried by most corporations.
(Replying to both of you in one post)
On communications ... it is not that simple. ISC2 has very good people that definitely do not suck at communications. Fact is that a large part of the membership (the majority) chooses not to communicate with ISC2 apart from logging into the portal, pay their AMFs, and submit their CPEs. If there was some kind of referendum, it would be a small vocal minority that would call the shots. If ISC2 had followed, as an example, the process used for Bylaws changes, it would also be a small vocal minority that calls the shots. This minority would also be very US-centric, disregarding especially our APAC and LATAM colleagues. With the board, you at least have representation for all regions. Against all assumptions, the board - first and foremost - represents the interests of the membership as a whole. I can, in all honesty, say that even the slightest allusion to the contrary would be massively unfair. So, I disagree with you that an open discussion would have yielded better results.
Becoming a member of ISC2 is significantly easier than managing the membership. Billing in arrears was a choice made in the past and definitely not the best choice. However, turning that around comes with huge risks and isn't just flipping a switch. Over the past 3 years ISC2 overhauled all its back-end systems, including accounting and member management systems. In another forum I've referred to sticky prices. The increase and change to upfront billing, probably should've happened years ago but doing that would have been more expensive than what it would add to the member management budget.
On the exam time reduction, your representation is severely underinformed. This is most likely, again, the result of a lack of communication from the organization. ISC2 introduced CAT, Computer Adaptive Testing. This doesn't only make the exam more difficult to cheat at, it also ensures for better testing thus resulting in higher quality certified professionals. More importantly, the use of CAT reduces the number of items (questions) exposed to exam takers. Exam items, for a certification organization, are the single most expensive items on the books. If there was one big driver behind the move to CAT, and as a result the shorter exam time, it was this.
I work as a virtual CISO with a number of clients. The lack of security talent is not a myth in my humble opinion. If you have data to the contrary, I am happy to take a look at it.
The member benefits is also something I've brought up in my post I believe. I think it is a good idea but the implementation can definitely be improved on. the PDI (Professional Development Institute) that was announced last year is something I eagerly look forward to.
Yes, ISC2 should keep a closer finger on the pulse of the membership. They do have the tools now so there are few excuses left. We're a very diverse bunch and what counts as a benefit for you might not be the same as for me.
I again strongly disagree with your points about a pure commercial approach. As a board we always have, and I'm sure the current board continues that practice, asked "why is this good for the membership?" on every decision. I'd encourage every single member to engage with the organization. Through the local member management representation, through ISC2 management, through the board. This organization exist for and because of us.