The (ISC)² and CISSP Dilemma

Preface: Go read Jericho's post now: "My Canons on (ISC)² Ethics - Such as They Are"

It's been a career-long dilemma in infosec: to get the CISSP or not to get the CISSP? I finally broke down in 2003 and took the exam, all at personal expense. My career had reached a point where the only way to get past the mindless recruiter/HR drones was to have those 5 letters after my name so that they could check the box and move an application along. It was annoying.

Not long after getting certified, I joined the CISSPforum mailing list. It was interesting for a while, but quickly fell into a repetitive pattern. The same people would dredge up the same whiny complaints every few months. The "discussions" would go in the same circular patterns. No meaning would come of it.

Underscoring the lunacy of the CISSPforum was the presence of a couple local "personalities" who would drive any sane, sober person to heavy drinking. A couple people were just plain ignorant, arrogant idiots who couldn't help but express themselves in an irritating and inflammatory manner. No value was added.

By 2006, I finally reached the extent of my tolerance for such stupidity, and I turned off email notifications altogether (thus, I could stay on the list while not having to deal with its drama). For me, a major tipping point was that a couple freshly minted CISSPs had joined the list and immediately started bullying people on the list, declaring that their absurdly narrow definition of security was the only definition, and loudly lambasting anybody who dared post stories that they viewed as being "out of scope." When it became clear that (ISC)² would not be doing anything to address these issues, it became clear that it was a time-waster that needed to go. I've not looked back since then.

I still maintain my CPEs and pay my AMFs, but that's about all the time I put into my CISSP. Honestly, I'd let it lapse if I thought doing so wouldn't hinder my ability to get a job in the future. That is, I didn't think much about it until I read Jericho's excellent piece on InfoSec Island: "My Canons on (ISC)² Ethics - Such as They Are." I highly recommend reading it. In fact, if you're a CISSP, it's mandatory reading - in its entirety!!! Of course, as he guesses at the end, it's unlikely most CISSPs will read that far. They're too proud of those letters to realize that they're simply enabling bad behavior; empowering (ISC)² to continue being the unfair, inconsistent wonks that they are. Perhaps the greatest pity in all this is the various Federal mandates that security people get their CISSP certification, as if passing a multiple-guess test demonstrates anything at all; especially in the age of CISSP boot camps. Anyway...

Go read this now: "My Canons on (ISC)² Ethics - Such as They Are"

About this Entry

This page contains a single entry by Ben Tomhave published on September 7, 2011 8:06 AM.
