"With that in mind, we have invested heavily in strengthening the value we provide to our members."

"Strengthening the value."  I like that.  Sounds ... well, strong.  Sounds supportive.  So, what has (ISC)2 done for us recently?

Well, they killed the CISSPforum.  It had been going for more than 20 years, and was a semi-valuable resource in terms of collective wisdom, but they killed it.  They gave us this censored, redacted, and managed social media "community" platform instead, but they killed the forum.

However, we resurrected it.  I'd like to invite you all to join it.

You can join for a low, one-time fee of $0.  That's also C$0, and A$0, and 0 pounds, come to that.  We accept Bitcoin.  (We make fun of it, but we accept it.)

There is also an annual maintenance fee of $0.  This will increase at a rate of not more than 0% per decade.

If you'd like to join us, and possibly stay long after you have decided to stop paying fees to ISC2, look into the FAQ, or here on the "community."

Tell your friends ...

(Seriously.  The two previous messages I have posted on this topic tonight have both been censored, so you need to pass this info around.)

I'm not sorry to say I think it's a low blow.

Want to charge one fee but more for people with multiple certifications, fine.

But leave the fee as it is, which is already high, for those with a single certification.

I have to cover all costs out of pocket, and the return I get is already describable as "meh", so it will become more so if I have to pay 125$'s with the same meh return.

This is a super bad move.

Except the cert, which is just an HR filter, (ISC)2 membership brings me exactly nothing.

The InfoSec community is already full of " - not CISSP" twitter handles, with this kind of behaviour it's only going to increase, impacting the value of our cert negatively.

The sites boast 140.000 members, that's an annual budget of more than $17 millions! Where goes all that money? What's the breakdown of the budget?!

Simply disappointing.

From now on, I will recommend all my contacts not to make this certification.

I'll provide my sentiment in a time-line... 

Let's look at what we get out of the membership and certification, and gauge our satisfaction with it --- what it was, and what it is now. Here's my perception, which has changed a lot, courtesy of the new AMF.

1) Webinars

Then: OK            Now: DISSATISFIED

There are many useful sources of IT Security information out there, so long as you know where to look and what to subscribe to. No doubt the ones here are easy access here, but then you may not always get exactly what you were expecting.

2) Vulnerability Central

Then: OK            Now: DISSATISFIED

I get alerts to vulnerabilities from a lot of sources, and most of them are redundant. From my job perspective, I only have to pay attention to the local ones. Once again, this facilitates easy access, but it also comes from other sources.

3) (ISC)2 Magazine

Then: DISSATISFIED         Now: VERY DISSATISFIED

While the magazine includes both useful information and propaganda, what I find annoying is that the quiz at the end of it covers both items --- you should know about the (IS)2 achievements, events, etc. to be worthy of earning CPEs...  

4) Free Courses from (ISC)2 Learning

Then: SATISFIED           Now: DISSATISFIED

I appreciated this at the start mainly because it was free. But as I went on I spotted inconsistencies that got me really confused, among other issues, which I reported in the survey, so I assume they'll attend to these. I mentioned this in the post about the GDPR course.

5) (ISC)2 website

Then: OK            Now: DISSATISFIED

At the time that I joined, the website didn't look too impressive, but it worked fine, which was good enough for me. And then, when (ISC)2 recently decided to 'revamp' it --- we all saw that that looks aren't everything. 

6) (ISC)2 Support

Then: VERY SATISFIED                  Now: DISSATISFIED

At the start, I thought the support couldn’t get any better, given that I’d always get a prompt response with all details of my query answered, and it would all be over without any need to follow-up. I initially thought that I'd be able to rely on the info that came from them --- but that changed when one of the moderators explained that we can't rely on Support to confirm if activities are eligible for earning CPEs.

7) (ISC)2 Community

Then: DISSATISFIED            Now: DISSATISFIED

I don’t need to say anything here. Just do a search using ‘Badges,’ ‘ AI,’ ‘ Moderation’ or ‘Robots’ --- and you can form an opinion…

(Those  keen on expressing their views can also participate in this --- stating VERY SATISFIED, SATISFIED, OK, DISSATISFIED, VERY DISSATISFIED...  )

To summarize, the new AMF policy will be appreciated by those holding multiple (ISC)2 certifications & won't be of much concern to those whose organizations bear the AMF cost --- but others will feel the pinch...