Myself, Diana Contesti, and Richard Nealon are all trying to get onto the ballot for the upcoming ISC2 Board of Directors Election and need your support. For information about us and how you can help, see:
Stephen Mencik petition
Diana Contesti petition
Thanks for your support.
Stephen Mencik
CISSP, ISSEP, ISSAP
@TrickyDicky wrote:- the provision of full membership rights to CC certification holders, and the impact that will have to the professional certification value of the current membership (1 million additional members)
I'm not clear what the problem is here. Concentration and SSCP holders have the same level of membership, and that doesn't seem to bother anyone.
Level of certified competence is determined by your specific certification(s). ISC2 membership can reasonably be open to anyone who adheres to the principles of good cybersecurity and has demonstrated a basic level of competence.
@gidyn wrote:
@TrickyDicky wrote:- the provision of full membership rights to CC certification holders, and the impact that will have to the professional certification value of the current membership (1 million additional members)
I'm not clear what the problem is here. Concentration and SSCP holders have the same level of membership, and that doesn't seem to bother anyone.
Level of certified competence is determined by your specific certification(s). ISC2 membership can reasonably be open to anyone who adheres to the principles of good cybersecurity and has demonstrated a basic level of competence.
I agree on this point. The Bylaws say : " The Members shall consist solely of individuals who obtain
certification as granted by (ISC)² and whose certification is in good standing according to specifications that are from time to time approved by the Board of Directors."
We should never end up in a place where we have a tiered membership. You're a member, or you're not.
I am, however, concerned about the CC and the "For Free" campaigns. Firstly, because nothing is free and while current members point out the lack of value from their membership continuously, funds are diverted to new and "sexy" things. Secondly, there have been continuous calls from our peers in non-Western regions to have prices for the CISSP and other certifications (and their AMFs) that didn't mean they'd have to keep food out of their family's mouths. ISC2 has always claimed that this is impossible because of ANSI17024 requirements. Now we are perceived to be handing out "free" certs, primarily in the US and the UK. It is all just very weird.
Well said.
I'm not clear what the problem is here. Concentration and SSCP holders have the same level of membership, and that doesn't seem to bother anyone.
Level of certified competence is determined by your specific certification(s). ISC2 membership can reasonably be open to anyone who adheres to the principles of good cybersecurity and has demonstrated a basic level of competence.
We should never end up in a place where we have a tiered membership. You're a member, or you're not.
I understand your point - Concentration and SSCP have the same level of membership, and I fully support that. Why - because their holders operate in a professional capacity (granted the P in SSCP is Practitioner), but they're both experienced, and capable in advising their principals on good security practice. I classify them both as professionals (experts in their chosen streams).
I have nightmares about (ISC)2 members with minimal knowledge and no experience being asked by principals for security advice and being considered as "expert" (I hate that word, but it's appropriate here), and see them being set up for failure in regards to our third Ethics canon.
I fully support your call for pricing structures appropriate to geographical regions (in the same way as it used be).
@TrickyDicky wrote:
I have nightmares about (ISC)2 members with minimal knowledge and no experience being asked by principals for security advice and being considered as "expert" (I hate that word, but it's appropriate here), and see them being set up for failure in regards to our third Ethics canon.
Nobody asks me for advice on the basis of my membership in ISC2. They consider my position, experience, and perhaps certification. As it is, there isn't that much overlap covered by every certification. Perhaps the new certification could be seen as a common denominator.
In every democracy, the sovereignty belongs to the people (i.e.: members in this case). The bylaws, BoD directives, General Counselor’s thoughts are just nothing if the basis wants a change. Unless (ISC)2 members are not members, but just associates, with no rights, who pay to maintain their certification(s).
I feel in this situation. I need to renew membership to have my certifications kept alive, and this only because sometimes they are required in public bids.
This (ISC)2 attitude makes the association losing credibility everyday.
Your 2nd para is strongly supported by the fact that ISC2 used lot's of our dues revenue to lobby to ensure its certs became requirements in contractual work. Supports their evolution, gets members work, but also ties them to the cert maintenance ($$). Members really don't have a voice. Board membership is not the panacea anyone thinks it is, because as a 20 year CISSP, I've seen very little that supports it; especially when clouded with secrecy.
@Peter wrote:Your 2nd para is strongly supported by the fact that ISC2 used lot's of our dues revenue to lobby to ensure its certs became requirements in contractual work. Supports their evolution, gets members work, but also ties them to the cert maintenance ($$). Members really don't have a voice. Board membership is not the panacea anyone thinks it is, because as a 20 year CISSP, I've seen very little that supports it; especially when clouded with secrecy.
This is what I suspected when I joined the board in 2012 as well but it isn't close to the truth. The real reason why the CISSP and SSCP in particular gained momentum very fast was ISO17024 accreditation. When the government started identifying certifications for government related security work, the requirement was that they were ISO17024 accredited. The ISC2 certifications were the first in that class. From 2013 or so onwards, SANS and EC-Council also got accreditation and implemented both CPEs and AMFs (a requirement for a personnel certification). ISC2 has always been relatively absent on the hill and with governments around the globe.
“If voting made any difference they wouldn't let us do it.” This is what Mark Twain wrote one hundred years ago. This is perfectly applicable to (ISC)2 philosophy. Maybe Mark Twain before writing "The adventures of Tom Sawyer" was an (ISC)2 member!