> Finally, the certification was originally designed > for and by federal gov't types...govvies. Many of > the questions when I took the exam in '99 were > heavily weighted toward the Rainbow Series, > particularly the Orange and Red books. The CPEs > are heavily weighted toward govvies, as well...I > don't know many commercial consulting firms that > can have their employees running off to > conferences and doing other things that they can't > bill to, all to get these CPE points.
Oh, I don't know...I'm a 'govvie' and I'm just a couple of hours short of recertification for CISSP without attending a single conference. I will admit, though, that all certifications in the InfoSec field that I've investigated (not just CISSP) are pretty darned self-serving. They tend to be highly competitive with one another, and to me that just hurts us in the overall picture. Certs should ideally be complementary or reinforcing, not mutually exclusive. I'd be a lot more inclined to pursue GIAC (I'm a big fan of SANS) if they weren't so frankly anti-CISSP. I'm sure GIAC folks find the reverse to be true. Instead of competing against one another, it would be nice to see some cooperation and a concerted attempt for each to fill in the gaps left by the other. Cheers, RGF Robert G. Ferrell, CISSP http://rferrell.home.texas.net/rgflit.html [EMAIL PROTECTED]
