I've seen the holy wars already on this topic, so I will be brief.
First of all, I do not discourage anyone from going for the CISSP. If you
can learn the information required to pass the test, you will have an idea
of the fundamentals you should know in security. Passing the test most
certainly does NOT prove that the holder is an experienced security
professional. (I think we all have met CISSPs who couldn't write a policy
or demonstrate the fundamentals of encryption, for example.) It means that
the person read the right information and passed the test.
I held the CISSP for three years, and let it expire in 2000. The
certification allowed me (in 1997, when I achieved it) to get a pay raise
from my then-employer, but after that, I didn't use it for anything, nor
did I derive any other benefits from it. Most often I had people ask me,
"What's the CISSP on your business card for?" Further, ISC2 did not
require me to produce any documentation that demonstrated my three years'
experience requirement. I had 12 at the time, but I didn't have to prove
it. I paid the fee, took the test, and got the cert and a nice pin. In
fact, other than for the time-in-grade requirement, you don't need three
years' experience to pass the test. You simply have to study the right
materials.
The worst part of it all is the requirement for "continued education" to
keep the certification. The same applies for the CISA. To get some of the
credits you need, you can do things that do not enhance your security
knowledge, like attending completely worthless security seminars. Oh yeah,
that and the crazy fees you pay every year to remain active.
I only offer this opinion in the hopes that those who read articles on
certification do not get the very wrong impression that having the CISSP
will absolutely land you a good job, or even that it will get you picked
over someone else who doesn't have it. It is simply not true. The very
last line really says it all - you can't go wrong with it, either.
Florindo
_________________________________________________________
Florindo Gallicchio * Director, Security Assessment & Compliance *
Radianz * 492 River Rd. * Nutley, NJ 07110 USA *
+1 973 662 3158 * [EMAIL PROTECTED]
"Meritt James" <meritt_james@bah.com>
12/14/2001 11:32 AM

To: [EMAIL PROTECTED]
cc:
Subject: Article: 10 Hottest Certifications for 2002

Certified Information Systems Security Professional (CISSP)
Vendor: ISC2
Category: Security
Reader Interest Score (out of 20): 7
Buzz Score (out of 10): 9
Total: 16
Sure, there are plenty of great security certifications out there. But
when it comes to reputation, the CISSP leads the pack, and for good
reason -- it's far and away the most difficult to achieve. First,
candidates must provide documentation that they have three years of
hands-on experience in a particular security specialty. Only then are
they given the opportunity to battle the title's monster of an exam (six
hours to tackle 250 questions covering a broad range of material -- study
groups, here you come).
So even though not many of you said you're planning to get this
certification next year (thus the low reader interest score of 7 out of
20), it still made it into our top 10 based on its buzz (a 9 out of 10 -
the highest score we gave to any certification on this list). Security
is sizzling and will be even hotter in 2002, and certs that are tough to
get are always in demand. All of our experts agreed: For those of you
who meet this title's requirements, it's impossible to go wrong with the
CISSP."
Full article at
http://www.certcities.com/editorial/features/story.asp?EditorialsID=37