As a CISSP, I'd say that, in a way, you have proven the point. You have 10 years experience. You've been around enough to know the wide range of knowledge that a true Information Security Professional should know. You may not be a firewall junky, but you probably know enough about firewall technology to know where to start. You probably know enough about Law, Investigations, and Ethics to know what you don't know. You probably have, through experience, covered most of the 10 domains in sufficient depth to not be out of water when discussing these topics with management, or with the Board of Directors.

But, if you maintain that you shouldn't have passed and have great test taking skills, so be it. The new changes to the CISSP also require that a current CISSP, in good standing, attest to your current experience level and your personal worth. This, in my opinion, adds a little more to the process than the test. Anyone can pass a test, but if after 4 years (or three years with 4-year degree) of working in one of the 10 domains, and with a current CISSP backing one's qualifications and claimed knowledge level, the CISSP should be able to help sort the wheat from the chaff.

This all depends on how ISC^2 gets the word out.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/118/16909#16909