cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
wimremes
Contributor III

My personal thoughts on AMF increase

As I've been asked questions through different forums recently, I decided to write down my personal thoughts in long form here : https://www.linkedin.com/pulse/isc2-fees-price-being-professional-wim-remes/?published=t

 

I am not a board member, I do not speak for the board, I do not speak for the organization. Everybody is free to reach their own conclusion and decide accordingly. I just thought my perspective could be helpful to some.

 

 Cheers,

Wim



Sic semper tyrannis.
16 Replies
emb021
Advocate I

Agree.

 

Admittedly, a good deal of my issue with the so-called "skills gap" is anecdotal, my issue is its being played as across the board for all kinds of cybersecurity positions.

 

I will accept that in SOME markets for SOME types of jobs, there is a lack of talent, but to play it as being the same everywhere is wrong.

 

Too many people are being sold on this idea, and spending time and money to become cybersecurity trained and then finding there are no positions.  Or no one will hire them because they have no experience.  Then you got wags claiming we should just pull people from outside of cybersecurity to fill the gap.  Uh, what about the folks who are NOW in cybersecurity looking for work.  Hire those people FIRST before you start pulling from outside.

 

Also, a lot of us see just bad job postings.  Posting that are looking for people with the skills/experience of 3 people, or wanting someone to do the job of 2-3 people, or wanting a senior-level person from an entry level position (and entry level pay)..  And some companies really don't know what they want or what they should pay.  There is information out there on that.  So they turn away or ignore talent, leaving positions open for months, or offer below market rates and don't understand why they can't fill positions.  I know from personal experience positions that went open for months when 2-3 qualified people applied, sometimes were interviewed, and none hired.  Don't tell me there was a lack of talent.

 

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
emb021
Advocate I

Overall I thought your posting was good.

 

I think that too many in our industry don't understand what it takes for certifications to be valued and what they have to do in terms of having that ANSI approved cache.  I've seen this with new people getting CompTIA certifications, and then being shocked that they now need to pay an annual fee and do CPEs to maintain their certs, some saying its just a money making scheme.  Not understanding that for their certs to be valued and respected, they need to be ANSI approved (the DOD won't touch them if they aren't), and that required the org do stuff, including CPEs, and the like that costs money, hence maintenance fees.

 

I understand the need to increase fees.  I've seen this with other orgs which have held off on increasing fees/dues and then being forced to increase and the jump is large.  What I don't like is how it was handled.  I pay $150 a year for 2 certs.  The switch over should have been that instead of paying $150 this calendar year to pay $125, and nothing more.  But instead it seems that I am being asked to pay something like $235, which I don't understand.  Just poor way of rolling it out.

 

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
rslade
Influencer II

> wscarano (Viewer III) posted a new reply in Member Support on 01-27-2019 10:27

>   If there was really a shortage there wouldn't be unicorn
> job postings and MBA Cybersecurity graduates wouldn't be coming to my meetups
> asking how they can get work.

Absolute agreement.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Power corrupts. PowerPoint corrupts absolutely. - Vinton Cerf
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
steinarna
Newcomer I

This was a good summary and I agree with you.

 

wimremes
Contributor III

I'm not an expert on statistics but if you have 15.000 respondents on an online questionnaire, extrapolating a need of 3 million people globally is likely, to say the least, statistically dishonest. I'll have to dive deeper into the report to determine what led to that number being the leading statistic. It would be interesting to see a more detailed analysis through a series of blog posts or webinars.


 



Sic semper tyrannis.
emb021
Advocate I

Have to agree.

 

Am bothered by these claims of a 'skills gap'.  Too often it seems people aren't willing to dig into the causes.  Many companies can't fill roles.  Heck, have seen this in my area.  Is this due to lack of talent, or is it due to other causes, such as the company having unrealistic job postings, unrealistic expectations, and in many cases ignoring or passing over qualified candidates?  I know in a few cases in my area companies trying to fill infosec roles for months when they passed over/ignored several qualified candidates.  There is no excuse for this.  But to claim its due to a "skills gap" or lack of candidates is misleading.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
paolomiranda
Newcomer I

Having handled Memberships before, I understand the difficulties in managing this area and can only imagine the greater difficulties in doing this on a global scale. I do believe that the communications and collaboration could have been handled better. Maybe involving the local chapter leaders and members earlier on in formulating the new fees and other major changes could have resulted in better buy-in from all stakeholders. Some transparency on how the new fees were arrived at would have also been good. In addition, the fees could have also been structured in a better format that would offer benefits to multiple credential holders without a huge impact to single credential holders as these form the majority of members based the latest member credential counts.