You indicate that the CISSP exam was a joke, yet you also mentioned that you have some 14+ years of infosec experience. I would argue that your experience transcended the exam, not that the exam itself was a joke. The CISSP certification is meant to validate a very broad understanding of information security issues from a security management perspective. I took mine at about the 6 year security mark (10 years in IT). While I did not "prepare" (though I did brush up on things like security models), I did not find the exam to be especially challenging either. Based on the target 3 to 5 years of experience recommended for the exam, I felt that the content was as appropriate as it could be (though somewhat outdated from a technologies perspective). Again (as stated in another post I've made here) each of these certifications has its place in the market... It all depends on what your career plans call for. As the Information Security Officer for a Fortune 500 company, I assure you that the CISSP was but one milestone on the road of professional development. At worst, you can consider it a necessary evil ;-)

Thank You
Brad Bemis, CISSP, CISA, CBCP
MCSE, MCP+I, CCNA, CCDA, NNCSS, Network+
Information Security Officer


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/118/16976#16976