> CraginS (Advocate I) posted a new reply in Career on 07-27-2019 11:03 AM in the
> First, I believe the CISSP is a worthwhile certification, and am glad I completed mine
Amen. I still think it's worthwhile. I still think it is a significant achievement in testing. I'm glad I took it, mostly to prove to myself that I *did* know what I was talking about when consulting, and because facilitating the seminars was a lot of fun.
> That said, I blame both (ISC)2 and a subset of CISSPs for grossly overstating what the certification indicates. When both the organization and some CISSPs represent it as meaning that the holder is an expert on all aspects of information security they do us all a disservice.
Amen again. The CISSP is a *minimum* certification, a criterion-based certification. It is the *least* that a professional should know. (Not a front line worker, maybe, but a professional: a manager, consultant, or other similar position.)
> The results of that deception are that employers have made CISSP a filter for hiring in totally inappropriate situations, and individual CISSPs have taken on jobs they were not really qualified for, such that their poor performance damaged the reputation of all CISSPs and the certification itself.
And again. And the description @CraginS goes on to provide is probably something that should go into ISC2 literature ...
Finally, I disagree with Steve @Steve-Wilme that the certification is akin to a college degree. Completed degrees have no indication of continuous updating of knowledge and skills. The CPE requirement of CISSP, CISM, SSCP, CISA, all in accord with ISO 17024, is the linchpin to making any of these certifications an ongoing indication of currency in the field.
I would also disagree with comparing a certification with a degree.
And a good proof of this is that both SANS and EC-Council offer degrees. Earning their certifications is the equivalent of passing classes. So getting certs will lead to a degree, but they are not in themselves the equivalent.
--- Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, CIST, CIGE, ISSA Fellow