CISSP Certification Uncertainty

Would I want to belong to a club (ISC2's CISSP certification) that had me as a member? As it turns out, I do.

As far as industry certifications go, the CISSP has a lot going for it. According to (ISC)2, there were 13,397 Certified Information Systems Security Professionals as of December 2002. Meanwhile, an article in Certification Magazine says that the CISSP certification is the best, most highly ranked industry certification of them all. Perhaps that explains why Amazon.com lists 15 books with the letters "CISSP" in their titles, including my personal favorite, CISSP for Dummies, by Lawrence Miller and Peter Gregory.

Certainly, (ISC)2 takes itself quite seriously, and the organization is working to resolve some of the aforementioned problems. And given the status of other industry certifications, it's easy to see why the CISSP is largely regarded as the "gold standard." Bottom line: Would I hire somebody who has a CISSP certification over somebody who doesn't? Absolutely. But, of course, it's best to look for more than just the CISSP certification: things such as degrees from established, accredited colleges and universities, real-life work experiences, references and referrals.

The biggest reason for my endorsement goes back to that CISSP Common Body of Knowledge: If a person has a CISSP, then I know that he has probably read at least one book on the topic of computer security. The job applicant probably knows something about physical security, something about policy formation, something about access control, something about encryption and so on. Sadly, that puts his rÃ©sumÃ© far ahead of most others that cross my desk. n