@Shannon To confirm, if someone gained the CISSP membership last year, they have the option to pay all three AMFs at $85.00 a year, by June 30, 2019. After June 30, 2019, the price of each AMF will go up to $125.00.
So, if a person earns his/her CISSP in March 2019, will it be okay to pay his total dues ( $85*3 = $255) in advance before July 1st 2019? If YES, then what will be the due for his 2nd credential earned after July 2019?
Will it be the difference? or No dues?
@iluom If the member earns the certification in March 2019 and pays all 3 AMFs at the $85.00 rate, prior to June 30, 2019, and then earns a new certification, the next AMF will not actually be due until the current three-year certification cycle ends for the CISSP. So for example, the cycle runs from March 1, 2019 - February 28, 2022 and the member pays all AMFs, then earns a new cert, the next AMF will not be due until March 1, 2022 and will be $125.00 (covering AMFs for both certifications for the first year of the new cycle).
Can you clarify this statement from the AMF announcement please?
"If you hold multiple certifications, your single AMF of U.S. $125 will be due on your earliest certification anniversary."
Does "earliest certification anniversary" mean the certification cycle that starts the earliest in the calendar year, or does it mean it's tied to the cycle of the certification you have held the longest (i.e. The certification I earned the earliest)?
e.g. My CISSP cycle runs from August and is my oldest/earliest certification, while my predicted ISSEP cycle will run from March assuming my endorsement application is approved - obviously March comes earlier than August.
Does that mean from next year my $125 AMF will be due in March? Or will it be in August?
EDIT: Thinking about this, it makes more sense to tie it to the "longest held" certification as otherwise, as I've shown in my example, the date could change when earning new certifications and lead to confusing situations, so I will assume that "longest held" is what is meant by "earliest".
EDIT2: Just read the actual policy and this question has already been clarified:
4.2.2 For Members with multiple certifications on multiple cycle dates, the earliest certification anniversary will be the start date for all of your certifications. For example, if a Member obtained the CISSP certification on September 1, 2010, and a CAP certification on January 13, 2012, the Member’s certification anniversary would be September 1 each year.
Re: "Socialism" in fees 😉 I had three certs w ISACA, and they really loaded on the fees. On top of that, I was getting audited EVERY year for a different cert, even though I typically had 100+ hours / year, and they applied to all three certs.
Tried to explain that they should audit the individual - not the cert, to minimize their work and mine. Fell on deaf ears. Needless to say, am not an ISACA member anymore, and they lost MANY years of their future "annuity" in fees.
Re: "Socialism" in fees 😉
Perhaps a 'cold war' between (ISC)2 and ISACA is inevitable...
I'm thinking of not renewing. I work in product management and probably don't need my CISSP to remain "in good standing" even if I have to look for a new job. Getting this certification was something I did out of interest in the field, as a challenge, and also thinking that it won't hurt to have it in my CV. Most likely if I look for another job it will still be in product management, and not necessarily for a security company.
With this in mind, do you think I should bother renewing my membership and continue with the annual CPE hunt?
@BlackmaltMy personal perspective is we are dealing with an increasingly complex set of environments, including supply chain issues i.e. back to the manufacturers. What does the ISC(2) give you apart from normal benefits, it provides evidence, you are a certified security practitioner and that you are held to account to a set of ethics, which are in alignment with those of a professional Medical Practitioner. Therefore what you say to the board, means you know your material, you have been tested and you maintain your skill set. The vast majority of information security, or cyber security is about making the business understand the associated risks, impacts of not putting in place an appropriate framework to reduce the likelihood of being compromised, and having to deal with the associated incident handling and ensuing mess that follows.
If you are thinking of going to a production or manufacturing environment - then many of the current issues i.e. IoT stem from them and we need good people, like yourself to make them fully understand the implications of their decisions, which are often based on deadlines, costs and taking short cuts, without understanding the ramifications of their decisions. From a recent report 50% of all IoT devices, are inherently vulnerable with little or no security controls put in place by default. Plus given the increasing demand for security practitioners cited 3.5 million by 2021 currently, without people like yourself, organisations will have very little insight or impact of their decisions purely based on costs and resources. Security is a business issue, fundamentally, and we have to tackle it head on.
Regardless of which organisation or direction you wish to take, security and privacy will affect all organisations, even today it was announced in another report that 60,000 cases have been raised for GDPR related issues within the European Union. Wait until the Californian CCPA comes into full play - both security and privacy become an inherent way of thinking and designing systems.
I have seen colleagues have a foolish moment, and state the same thing - my job role does not require to have these certifications any more - well six months down the road, they suddenly realised after they ditched them - they needed them to get management to listen to them from a strong position of knowledge and capability.
My take, you worked hard for it, don't ditch them - they will be needed, even though currently you don't believe this is the case. You will need them to be the voice of rationale reason soon enough in any organisation you join these days. The world actually needs you, believe it or not;