I've seen the holy wars already on this topic, so I will be brief. First of all, I do not discourage anyone from going for the CISSP. If you can learn the information required to pass the test, you will have an idea of the fundamentals you should know in security. Passing the test most certainly does NOT prove that the holder is an experienced security professional. (I think we all have met CISSPs who couldn't write a policy or demonstrate the fundamentals of encryption, for example.) It means that the person read the right information and passed the test. I held the CISSP for three years, and let it expire in 2000. The certification allowed me (in 1997, when I achieved it) to get a pay raise from my then-employer, but after that, I didn't use it for anything, nor did I derive any other benefits from it. Most often I had people ask me, "What's the CISSP on your business card for?" Further, ISC2 did not require me to produce any documentation that demonstrated my three years' experience requirement. I had 12 at the time, but I didn't have to prove it. I paid the fee, took the test, and got the cert and a nice pin. In fact, other than for the time-in-grade requirement, you don't need three years' experience to pass the test. You simply have to study the right materials. The worst part of it all is the requirement for "continued education" to keep the certification. The same applies for the CISA. To get some of the credits you need, you can do things that do not enhance your security knowledge, like attending completely worthless security seminars. Oh yeah, that and the crazy fees you pay every year to remain active. I only offer this opinion in the hopes that those who read articles on certification do not get the very wrong impression that having the CISSP will absolutely land you a good job, or even that it will get you picked over someone else who doesn't have it. It is simply not true. The very last line really says it all - you can't go wrong with it, either. Florindo _________________________________________________________ Florindo Gallicchio * Director, Security Assessment & Compliance * Radianz * 492 River Rd. * Nutley, NJ 07110 USA * +1 973 662 3158 * florindo.gallicchioat_private |--------+-----------------------> | | "Meritt | | | James" | | | <meritt_james| | | @bah.com> | | | | | | 12/14/2001 | | | 11:32 AM | | | | |--------+-----------------------> >------------------------------------------------------------------------------------------------------------------------| | | | To: securityjobsat_private | | cc: | | Subject: Article: 10 Hottest Certifications for 2002 | >------------------------------------------------------------------------------------------------------------------------| Certified Information Systems Security Professional (CISSP) Vendor: ISC2 Category: Security Reader Interest Score (out of 20): 7 Buzz Score (out of 10): 9 Total: 16 Sure, there are plenty of great security certifications out there. But when it comes to reputation, the CISSP leads the pack, and for good reason -- it's far and away the most difficult to achieve. First, candidates must provide documentation that they have three years of hands-on experience in a particular security specialty. Only then are they given the opportunity to battle the title's monster of an exam (six hours to tackle 250 questions covering a broad range of material-study groups, here you come). So even though not many of you said you're planning to get this certification next year (thus the low reader interest score of 7 out of 20), it still made into our top 10 based on its buzz (a 9 out of 10 - the highest score we gave to any certification on this list). Security is sizzling and will be even hotter in 2002, and certs that are tough to get are always in demand. All of our experts agreed: For those of you who meet this title's requirements, it's impossible to go wrong with the CISSP." Full article at http://www.certcities.com/editorial/features/story.asp?EditorialsID=37
This archive was generated by hypermail 2b30 : Mon Dec 17 2001 - 10:23:50 PST