Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Newcomer I

Your new annual membership Fee is now $125! How do you feel about that?

I think this is disgusting.  I dont feel I got value for money when it was $85 now how do you justify $125?

Its extortionate. 

258 Replies
Community Champion


@dpark75 wrote:


We are managers, we are directors, we are CISOs. We can choose not to have job adds list ISC2 certs as a requirement or recommendation. If job adds drop this, suddenly the CISSP means nothing anymore.


I'm not high enough in my organisation's the hierarchy to have a major impact on it's view of the CISSP, but I'll definitely contribute to the cause by demoting (ISC)2 whenever I can.


While I'm not certain that I'll discontinue my CISSP, I'm considering it, given that I have to maintain my CISM from ISACA...



Shannon D'Cruz,
Community Champion


@Shannon wrote:


I'll definitely contribute to the cause by demoting (ISC)2 whenever I can.


* Demote, as in, downgrade them by explaining how I perceive what's happened...



Shannon D'Cruz,
Influencer II

> SamanthaO_isc2 (Community Manager) posted a new reply in Member Support


> Thank you for your thoughtful questions. We appreciate the feedback and
> understand your concern about the changes.   AMFs are critical as they are used
> by (ISC)² to support the costs of maintaining the (ISC)² credentials you and
> your peers work so hard to earn.


Yeah. And they did well at $85 for years. So what's changed? And why so much?


> To maintain accreditation and ensure the
> long-term credibility, impact and relevancy of your certification, our exam
> department is working hard year-long to meet the highest industry standards and
> to keep evolving the exam over time to accommodate the latest changes in best
> practices, technologies and principles.


And most of that is done by volunteers.


>   AMFs also go to support all the
> resources and systems necessary to manage the association. For more than 15
> years and despite rising costs, (ISC)² has managed to avoid increasing AMFs
> while maintaining the highest standards for our certifications and supporting a
> growing international membership base.


Again, what has changed? And why such a huge jump all of a sudden?


> We also have invested in new member
> benefits, most recently in the development of a growing portfolio of immersive
> professional development courses exploring timely, relevant topics such as GDPR,
> DevSecOps and creating a security-minded culture. Valued at $400 or more,


Valued by whom? From everything I see and hear, these courses are pretty lame, and mustn't have cost much to produce.


> these
> courses are available to members at no additional cost, help members earn
> enriching CPEs


Well, CPEs, in any case. "Enriching"?


> and are accessible at any time by members who sign in to
> and click on My Courses. More courses are in development.   Other
> expanded benefits recently introduced to help you grow include: Member Perks
> offering more than 300,000 discounts on everyday expenses


And I've yet to find one I can use.


> Savings on industry
> events like Black Hat, RSA Conference and member pricing for (ISC)² events,
> including our new Secure Summits and global Security Congress


Yeah. Member pricing on ISC2 events used to be $0 for members. I assume that the ISC2 events/conferences are revenue-generating, and I assume ISC2 gets paid by Black Hat, RSA, etc for use of the membership list for promotion/marketing.


> Discounts on
> third-party services including phishing awareness training; communications,
> public speaking and presentation skills development; cloud security training;


Again, not the greatest presentations in the world.


> insights into the latest security vendors and solutions;


Vendors and others selling "solutions" (the most common cause of computer problems is computer "solutions") are usually more than willing to give me at least coffee and a meal in order to provide me with these "insights."


>   After careful evaluation of future growth
> plans – with a core focus on investing in our members’ long-term
> professional development and delivering on our value promise to you – the
> Board of Directors approved changes to our membership policies and AMFs. These
> changes strongly position the association to better support our mission of
> inspiring a safe and secure cyber world, while also investing in a rich set of
> valuable resources for our members to help build and maintain your expertise
> across all the domains of your certification.


This just sounds like marketing verbiage. Again: How? Why?


>   The new fee is in line with
> similar membership associations and certifying bodies.


I remember back when "everybody" was charging $135 for every security framework simply because "everybody" was charging $135 ...


> We also decided that
> simplicity was the best approach to our AMFs. By no longer billing in arrears
> and selecting a single AMF for all members, we ensure equal access to all our
> resources, benefits and future growth opportunities. Again, we understand the
> concern with the change and are aware that members will be affected differently
> depending on their personal and professional situation.


So this is a tacit admission that the CISSP is still the cash cow, and that all the other certs are basically pointless?


> That was a key
> consideration in providing advance notice of more than five months for members
> to align their accounts with the new policy.


Along with zero notice of the change, and still almost no real reason as to why the fees are increased.


>   We feel that members receive a
> very strong return on their annual investment when considering the growing array
> of resources available to you, as well as the global recognition and credibility
> a certification like the CISSP brings as a complement to the expertise and
> knowledge you’ve gained throughout your careers.


Translation: you need the cert to hold your job, so we've gotcha!


>   We hope this helps clarify
> why we have increased our AMFs and reassures you that there is a strong return
> on your investment that will only continue grow in the future.


Translation: we're gonna keep on doing it this way, so neener neener neener on you.


Other posts:

This message may or may not be governed by the terms of or
Influencer II

> bobmorning (Viewer) posted a new reply in Member Support on 01-25-2019 08:29 AM


> Annual report for 2017 is here


Yep, ISC2 is right up to date on everything ...


Other posts:

This message may or may not be governed by the terms of or
Influencer II

> bobmorning (Viewer) posted a new reply in Member Support on 01-25-2019 08:37 AM


> Time to vote out the board.    They work for us, not the other way
> around.


Now, that is true, and we do have that power. But you're going to have to really push to overcome the inertia of 140,000 members, only about 6,000 of whom ever vote. (On the other hand, it means you only have to lobby a couple of thousand members in order to successfully stage a coup-de-org ...)


If serious, you have until about June or July to get on the ballot (even on the write-in list), September is when notices of elections start going out, and November is the election.


Other posts:

This message may or may not be governed by the terms of or
Newcomer II

Honestly, you feel like some 47% increase is a harsh thing to do. While admiting later that you are a US DoD cooperating pro, who might likely get the cost covered up somehow. Now imagine, the price is levelling for all certificates. I am a beginner, entering the InfoSecurity field while finishing my law degree here in Europe. The $65 for SSCP were quite fine to me, seeing those as something I'd be able to pay even if I were to lose my job somehow. Now it has DOUBLED.

Meanwhile, neither the Building Cyber Culture, nor the DevSecOps courses I tried so far has given me anything of value. I at least hoped to see some insight into practical side of GDPR, but after starting and dropping the other two courses due to their rather limited values, I am worried about it.

I also tired the BrightTalk webinars. Out of several, about half were product promos. And sadly, none was advertised as such. Sufficient to say, I was already very dissatisfied with my (ISC)^2 membership and those news steer me even further away from prolonging my status after those three years.
EDIT: Ok, started the GDPR course. Chapter 1 is basicaly "here's excerpts from webinars from back when no-one had a clue, and an interview with guy who managed to convice his supervisors to implement new policies". Not really useful, if you ask me.

Newcomer II
Influencer II

> MD007 (Newcomer I) posted a new reply in Member Support on 01-25-2019 11:31 AM

> Can I have some eggs with all that waffle Samantha?

Given the burn, does that make it a burned waffle?


====================== (quote inserted randomly by Pegasus Mailer)
What you see and hear depends a good deal on where you are
standing; it also depends on what sort of person you are.
- Clive Staples Lewis


Other posts:

This message may or may not be governed by the terms of or
Influencer II

So, as to the "How do you feel about that?" part of this topic ...

> MD007 (Newcomer I) posted a new reply in Member Support on 01-25-2019 03:20 PM

> CISSP is still a very very difficult test

I've noted elsewhere that I have known about the CISSP since before it even was
the CISSP. I loved the idea then, and I loved the test when (much, much later) I
took it. Yes, I know that sounds weird, but I came from an education background,
I had taken special training in tests and measurement, and I knew how difficult it
was to create a test instrument as good as the CISSP: what an extraordinary
achievement it was. I was proud to facilitate the review seminars for many years
(and it was a *lot* of fun, and very educational--for me).

I was proud of ISC2 in the old days, when it was a volunteer organization and
many of us chipped in to help in a variety of ways.

Over the years I remained proud of the CISSP, but I got less proud of ISC2. And
less. And less.

> The CISSP is critical for a security job these days, both the
> letters on your resume and the knowledge gained from studying for it. Sadly,
> ISC2 know this, which is why they can charge anything they want.

I don't know if this is the final straw, or not. It's been years since I got anything
out of paying my AMFs. I never really did get anything out of ISC2, aside from
the chance to do the seminars (and the pretty low stipend we got for doing them).
But even the new, higher rates wouldn't break the bank--if I thought there was any
point in continuing.

> Its amusement
> park tactics. I HAVE to keep my CISSP, so I HAVE to pay whatever they want. I
> cant NOT renew. Its a disgusting way to treat members who are basically
> hostages to their greed. That Sarah Sanders-like like justification just makes
> me cringe reading it

I *don't* have to keep the cert: aside from doing the seminars, I never did. My
books were published on the basis of my net presence, and my contracting, as
weird as it was, was on the basis of me being the only person the companies could
find that could fix their problems. The CISSP never came into it.

And, yes, the tone-deaf "justifications" (not to mention promotions and sales
pitches) we get from ISC2 HQ are, increasingly, embarrassing to be associated with.

Even if I just stop paying AMFs, I'll probably still hang around here, until
someone from HQ kills my account. (Given that they even let bots in here, I'm
not sure how they'd justifiy that.) I'll still be over on the CISSPforum, of course.
I'll still be going to Vancouver Security SIG meetings (although I doubt I'll care if
people lose interest in maintaining the "ISC2 Chapter" association). So I very
much doubt that I'd miss being an ISC2 member.

I'll grieve the loss of the old ISC2. But it seems I'll have to grieve that, regardless
of whether I stay or not ...

"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
============= for back issues:
[Base URL] site
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm


Other posts:

This message may or may not be governed by the terms of or
Community Champion

Personally i’m OK with it, Here’s why.


I sat sat the CISSP and certified after I started working for my current employer(they paid for it), let it lapse again and then resat it at my own cost(I paid that), I also self funded my CCSP and recently a CSSLP course and exam (shout out to Alan and the APAC CSSLP unreasonable hours posse)...  I’ve claimed AMFs once, and will probably do it again(especially this round as it’s a lot up front). Long term, it saves me money on multiple certs. 85 bucks was much more to me when I first certified than 135 is now.


I don’t think it’s about greed, or that ISC2 is greedy (I’m pretty sure David Shearer and the board don’t gather every morning on their personal ISC2 issue Learjet’s for a subsidised breakfast of Chateabriand while teleconferenced in over fat pipe paid for by the membership while laughing at our gullibility). Bluntly, I think there’s a few unfair characterterizations here,  there is a cost for innovation, and keeping stuff going. 


Contrasting this IAAP has a membership fee of 100 USD certified or not and they do not do background/experience validation. Most members or their employers can probably afford it, and ISC2 does need to keep the lights on and do some innovation. I’d go with the Babbage approach on postage and just say it’s probbaly cheaper to flat fee it than to break it all out, and it hasn’t gone up since the dinosaurs, if we went by RPI in The uk your 85 usd would be 165 as of 2018.


Some thoughts possible on tweaks:


1. Offer low cost AMFs on the honour system for folk who are not currently working, perhaps have a sampling audit to verify this trust. If countries have low wages then this could be extended to folk that were working, as Long as they met an income threshold;

2. Yearly upfront payment would probably be worth considering;

3. Perhaps have a mentorship/ sponsorship program that help security professionals in developing countries get some assistance with fees.