(ISC)2 is often the subject of ridicule among IT security practitioners who feel it's out of touch with the community it serves. Like any cert provider, (ISC)2 has it's strengths and weaknesses. Since I've never studied to become a CISSP or had to do the work to maintain the title, I have no personal opinion. But in seven years of writing about the security community, I've heard plenty of complaints and have written about it.
In his quest for a seat on the (ISC)2 board, Liquidmatrix's Dave Lewis makes many of the same points I've heard from others. In his petition, he writes:
So, why am I doing this? Simple really. An email went out Aug 21 from (ISC)2 that announced a few of the people who were seeking election to the ISC2 board. I realized that this was my chance to make a change. It’s time for me to do something about it rather than to sit idly by on the sidelines.
If I’m chosen for the Board of Directors here is what I’m aiming to accomplish,
1.) I want to work to restore the CISSP exam and it’s place in the community as something to be respected.
2.) I want to help bring the (ISC)2 into the wider acceptance in the community and help make it a force for positive change.
3.) I want to ensure that the (ISC)2 is representative and accountable to it’s membership.
--Related post: "Does ISC2 need change from within?"
Dave, a good friend of mine, has 15 years industry experience in IT security architecture, operations and management. Currently, I work in information security for Advanced Micro Devices. He is also the founder of Liquidmatrix Security Digest.
My goal in running Dave's petition is to generate discussion among you. I want you to go on Twitter, Facebook, Google+ or wherever else you are comfortable and share your views.Is the CISSP cert still worth attaining, or is it no longer in sync with today's security challenges? Are people complaining over a bunch of nothing or are there real problems in how (ISC)2 serves the community? While we're at it, what about the other certs and the organizations that administer them? I've brought up the criticism in a couple converations with (ISC)2 Executive Director Hord Tipton. His message: There will always be haters, but a majority of the 80,000 people (ISC)2 serves are happy."What irks people is that certs are job requirements and some folks don’t feel they need a certification to be validated," Tipton told me in one interview last year. "It's often the same people who are fussing." --More on this conversation in "(ISC)2 exec director: There will always be haters."He admitted the organization isn't perfect, and that members regularly have the opportunity to offer feedback on what could be better."We received 20,000 responses to the most recent survey," he said. "We evaluate everything we hear and use the feedback to make our certification program better." But,he added,"The quickest way to fail is by trying to satisfy everyone." One piece of feedback the organization is working into the program is a sharper focus on forensics, he said.I doubt his words will sway critics live Dave.