(ISC)2 exec director: There will always be haters

Sep 01, 2011
Data and Information Security

I got on the phone this morning with (ISC)2 Executive Director Hord Tipton to discuss the ridicule his organization has received from security practitioners who feel it’s out of touch with the community it serves.

His message: There will always be haters, but a majority of the 80,000 people (ISC)2 serves are happy.

“What irks people is that certs are job requirements and some folks don’t feel they need a certification to be validated,” Tipton told me. “It’s often the same people who are fussing.”

He admitted the organization isn’t perfect, and that members regularly have the opportunity to offer feedback on what could be better.

“We received 20,000 responses to the most recent survey,” he said. “We evaluate everything we hear and use the feedback to make our certification program better.” But, he added, “The quickest way to fail is by trying to satisfy everyone.” One piece of feedback the organization is working into the program is a sharper focus on forensics, he said.

It’s doubtful his words will sway critics, including Wim Remes, an IT security practitioner who is vying for a seat on the (ISC)2 board of directors.

In his petition for a spot on the ballot, Remes wrote:

As the talk about the disconnect between (ISC)2, with their CISSP cert still regarded as the golden standard by some, and the information security community ran rampage this year, two things struck me.

1.) A lot of people don’t have a positive view about the organisation, the certifications and what they both mean to the community and our industry.

2.) Not a single response was seen from (ISC)2.

While I like to troll sometimes and not do anything, in this case I want to step up and try to do something instead of sitting around and doing nothing.

That’s why I decided to run for the ballot this year. Some might see my goals as lofty, (ISC)2 being the institution that it is, but I firmly believe that change starts by doing stuff, not standing on the sidelines.

This post and the one I wrote Monday are designed to get some discussion going on what (ISC)2’s strengths and weaknesses are and how specifically it can do better.

So let’s discuss:

Is the CISSP cert still worth attaining, or is it no longer in sync with today’s security challenges?

Is it good or bad that many companies require prospective employees to be CISSPs?

Are people complaining over a bunch of nothing or are there real problems in how (ISC)2 serves the community?

While we’re at it, what about the other certs and the organizations that administer them?

Is the CISSP exam fair and kept up to date to reflect changing technologies and threats?

Speak up, please.

–Bill Brenner
