We are managers, we are directors, we are CISOs. We can choose not to have job ads list ISC2 certs as a requirement or recommendation. If job ads drop this, suddenly the CISSP means nothing anymore.
I'm not high enough in my organisation's hierarchy to have a major impact on its view of the CISSP, but I'll definitely contribute to the cause by demoting (ISC)2 whenever I can.
While I'm not certain that I'll discontinue my CISSP, I'm considering it, given that I have to maintain my CISM from ISACA...
I'll definitely contribute to the cause by demoting (ISC)2 whenever I can.
* Demote, as in, downgrade them by explaining how I perceive what's happened...
> SamanthaO_isc2 (Community Manager) posted a new reply in Member Support
> Thank you for your thoughtful questions. We appreciate the feedback and
> understand your concern about the changes. AMFs are critical as they are used
> by (ISC)² to support the costs of maintaining the (ISC)² credentials you and
> your peers work so hard to earn.
Yeah. And they did well at $85 for years. So what's changed? And why so much?
> To maintain accreditation and ensure the
> long-term credibility, impact and relevancy of your certification, our exam
> department is working hard year-long to meet the highest industry standards and
> to keep evolving the exam over time to accommodate the latest changes in best
> practices, technologies and principles.
And most of that is done by volunteers.
> AMFs also go to support all the
> resources and systems necessary to manage the association. For more than 15
> years and despite rising costs, (ISC)² has managed to avoid increasing AMFs
> while maintaining the highest standards for our certifications and supporting a
> growing international membership base.
Again, what has changed? And why such a huge jump all of a sudden?
> We also have invested in new member
> benefits, most recently in the development of a growing portfolio of immersive
> professional development courses exploring timely, relevant topics such as GDPR,
> DevSecOps and creating a security-minded culture. Valued at $400 or more,
Valued by whom? From everything I see and hear, these courses are pretty lame, and mustn't have cost much to produce.
> courses are available to members at no additional cost, help members earn
> enriching CPEs
Well, CPEs, in any case. "Enriching"?
> and are accessible at any time by members who sign in to
> www.isc2.org and click on My Courses. More courses are in development. Other
> expanded benefits recently introduced to help you grow include: Member Perks
> offering more than 300,000 discounts on everyday expenses
And I've yet to find one I can use.
> Savings on industry
> events like Black Hat, RSA Conference and member pricing for (ISC)² events,
> including our new Secure Summits and global Security Congress
Yeah. Member pricing on ISC2 events used to be $0 for members. I assume that the ISC2 events/conferences are revenue-generating, and I assume ISC2 gets paid by Black Hat, RSA, etc for use of the membership list for promotion/marketing.
> Discounts on
> third-party services including phishing awareness training; communications,
> public speaking and presentation skills development; cloud security training;
Again, not the greatest presentations in the world.
> insights into the latest security vendors and solutions;
Vendors and others selling "solutions" (the most common cause of computer problems is computer "solutions") are usually more than willing to give me at least coffee and a meal in order to provide me with these "insights."
> After careful evaluation of future growth
> plans – with a core focus on investing in our members’ long-term
> professional development and delivering on our value promise to you – the
> Board of Directors approved changes to our membership policies and AMFs. These
> changes strongly position the association to better support our mission of
> inspiring a safe and secure cyber world, while also investing in a rich set of
> valuable resources for our members to help build and maintain your expertise
> across all the domains of your certification.
This just sounds like marketing verbiage. Again: How? Why?
> The new fee is in line with
> similar membership associations and certifying bodies.
I remember back when "everybody" was charging $135 for every security framework simply because "everybody" was charging $135 ...
> We also decided that
> simplicity was the best approach to our AMFs. By no longer billing in arrears
> and selecting a single AMF for all members, we ensure equal access to all our
> resources, benefits and future growth opportunities. Again, we understand the
> concern with the change and are aware that members will be affected differently
> depending on their personal and professional situation.
So this is a tacit admission that the CISSP is still the cash cow, and that all the other certs are basically pointless?
> That was a key
> consideration in providing advance notice of more than five months for members
> to align their accounts with the new policy.
Along with zero notice of the change, and still almost no real reason as to why the fees are increased.
> We feel that members receive a
> very strong return on their annual investment when considering the growing array
> of resources available to you, as well as the global recognition and credibility
> a certification like the CISSP brings as a complement to the expertise and
> knowledge you’ve gained throughout your careers.
Translation: you need the cert to hold your job, so we've gotcha!
> We hope this helps clarify
> why we have increased our AMFs and reassures you that there is a strong return
> on your investment that will only continue to grow in the future.
Translation: we're gonna keep on doing it this way, so neener neener neener on you.
> bobmorning (Viewer) posted a new reply in Member Support on 01-25-2019 08:29 AM
> Annual report for 2017 is here
Yep, ISC2 is right up to date on everything ...
> bobmorning (Viewer) posted a new reply in Member Support on 01-25-2019 08:37 AM
> Time to vote out the board. They work for us, not the other way
Now, that is true, and we do have that power. But you're going to have to really push to overcome the inertia of 140,000 members, only about 6,000 of whom ever vote. (On the other hand, it means you only have to lobby a couple of thousand members in order to successfully stage a coup-de-org ...)
If serious, you have until about June or July to get on the ballot (even on the write-in list), September is when notices of elections start going out, and November is the election.
Honestly, you feel like some 47% increase is a harsh thing to do. While admitting later that you are a US DoD cooperating pro, who might likely get the cost covered up somehow. Now imagine, the price is levelling for all certificates. I am a beginner, entering the InfoSecurity field while finishing my law degree here in Europe. The $65 for SSCP were quite fine to me, seeing those as something I'd be able to pay even if I were to lose my job somehow. Now it has DOUBLED.
Meanwhile, neither the Building Cyber Culture, nor the DevSecOps courses I tried so far has given me anything of value. I at least hoped to see some insight into practical side of GDPR, but after starting and dropping the other two courses due to their rather limited values, I am worried about it.
I also tried the BrightTalk webinars. Out of several, about half were product promos. And sadly, none was advertised as such. Sufficient to say, I was already very dissatisfied with my (ISC)^2 membership and those news steer me even further away from prolonging my status after those three years.
EDIT: Ok, started the GDPR course. Chapter 1 is basically "here's excerpts from webinars from back when no-one had a clue, and an interview with guy who managed to convince his supervisors to implement new policies". Not really useful, if you ask me.
Personally I’m OK with it. Here’s why.
I sat the CISSP and certified after I started working for my current employer (they paid for it), let it lapse again and then resat it at my own cost (I paid that), I also self funded my CCSP and recently a CSSLP course and exam (shout out to Alan and the APAC CSSLP unreasonable hours posse)... I’ve claimed AMFs once, and will probably do it again (especially this round as it’s a lot up front). Long term, it saves me money on multiple certs. 85 bucks was much more to me when I first certified than 135 is now.
I don’t think it’s about greed, or that ISC2 is greedy (I’m pretty sure David Shearer and the board don’t gather every morning on their personal ISC2 issue Learjets for a subsidised breakfast of Chateaubriand while teleconferenced in over fat pipe paid for by the membership while laughing at our gullibility). Bluntly, I think there’s a few unfair characterizations here, there is a cost for innovation, and keeping stuff going.
Contrasting this IAAP has a membership fee of 100 USD certified or not and they do not do background/experience validation. Most members or their employers can probably afford it, and ISC2 does need to keep the lights on and do some innovation. I’d go with the Babbage approach on postage and just say it’s probably cheaper to flat fee it than to break it all out, and it hasn’t gone up since the dinosaurs, if we went by RPI in the UK your 85 USD would be 165 as of 2018.
Some thoughts possible on tweaks:
1. Offer low cost AMFs on the honour system for folk who are not currently working, perhaps have a sampling audit to verify this trust. If countries have low wages then this could be extended to folk that were working, as long as they met an income threshold;
2. Yearly upfront payment would probably be worth considering;
3. Perhaps have a mentorship/sponsorship program that helps security professionals in developing countries get some assistance with fees.