Outstanding!

I could not agree more. How many certifications out there truly measure someone's talent and occupational ability versus simply their test taking ability - aside from Cisco? I have conducted security assessments and such for over 4 years now and have yet to take the exam - though I do plan on doing so in the near future. While I lack the exam as part of my credentials, I have known many others with a CISSP certification who would have a difficult time spelling "security" let alone being able to competently practice it. These certifications, for the most part, are a fantastic marketing ploy whereas whoever comes up with the coolest buzzword and a test makes the most money - boy, I wish I could think of one.

But, on the flipside, what else is there to gauge a person's credentials? While I may consider it a marketing ploy, there has to be some way to "verify" security professionals just as you would be able to "verify" the credentials of a doctor, lawyer, engineer, etc. SANS is doing a good job from what I've seen but, aside from that, ISC2 is the next closest.

Thus, the CISSP exam is a necessary evil. If you want to be in the game, you've got to play by the rules...i.e. pay your $450 and live with it. Maybe someday I'll actually do the same.

Good article.

Christopher H. Ray
Director, Information Security

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/67/11003#11003