[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [SAGE] CISSP Certification Penetration?
On Tue, Mar 02, 2004 at 01:38:48PM -0600, Mark McCullough wrote:
> On Tue, 2004-03-02 at 13:11, Marius Strom wrote:
> > Anyone here have any idea on what kind of penetration CISSP certs
> > have?[1] I'm noticing more and more people putting them as requirements,
> > but I only know of one person who's seeking it (and no one who's got
> > it).
>
> It's more of a business cert for non-technical people from what I've
> seen. The security group at my company has very high penetration of
> that certification among the non-technical people in security. We are
> starting to advise that people who are less than clueful on security
> matters at least review the study materials for that certification so
> that they can at least speak the same language and understand some of
> the basic issues and concerns in security.
Indeed. From what I've seen, the "must have worked in security capacity
for X years, must be vouched for by existing CISSP" requirement is being
handily sidestepped these days, demonstrating that it's possible to turn
pretty much anything into a purely paper certification.
(NOTE: Just checked current requirements. Seems they changed, or I
misremembered them: 4 years' field work, or 1 year + degree, and
vouchsafing by another CISSP or your employer or "another certified
professional".)
So, it looks to be just another 250-question multiple-guess cert, with
a relatively high test cost ($450 or so).
To address the original poster's question, this means, in my mind, that
the penetration will increase. Now that anyone can cram and get one,
and now that they're becoming prevalent as a hiring criterion, you'll
see more of them (and the cert will be devalued as folks flock to get
it).
--
Mark C. Langston Sr. Unix SysAdmin
mark@bitshift.org mark@seti.org
Systems & Network Admin SETI Institute
http://bitshift.org http://www.seti.org