I got on the phone this morning with (ISC)2 Executive Director Hord Tipton to discuss the ridicule his organization has received from security practitioners who feel it’s out of touch with the community it serves.His message: There will always be haters, but a majority of the 80,000 people (ISC)2 serves are happy.“What irks people is that certs are job requirements and some folks don’t feel they need a certification to be validated,” Tipton told me. “It’s often the same people who are fussing.”He admitted the organization isn’t perfect, and that members regularly have the opportunity to offer feedback on what could be better. “We received 20,000 responses to the most recent survey,” he said. “We evaluate everything we hear and use the feedback to make our certification program better.” But,he added,”The quickest way to fail is by trying to satisfy everyone.” One piece of feedback the organization is working into the program is a sharper focus on forensics, he said.It’s doubtful his words will sway critics, including Wim Remes, an IT security practitioner who is vying for a seat on the (ISC)2 board of directors. In his petition for a spot on the ballot, Remes wrote:As the talk about the disconnect between (ISC)2, with their CISSP cert still regarded as the golden standard by some, and the information security community ran rampage this year, two things struck me.1.) A lot of people don’t have a positive view about the organisation, the certifications and what they both mean to the community and our industry.2.) Not a single response was seen from (ISC)2.While I like to troll sometimes and not do anything, in this case I want to step up and try to do something instead of sitting around and doing nothing. That’s why I decided to run for the ballot this year. Some might see my goals as lofty, (ISC)2 being the institution that it is, but I firmly believe that change starts by doing stuff, not standing on the sidelines.This post and the one I wrote Monday are designed to get some discussion going on what (ISC)2’s strengths and weaknesses are and how specifically it can do better.So let’s discuss:Is the CISSP cert still worth attaining, or is it no longer in sync with today’s security challenges?Is it good or bad that many companies require prospective employees to be CISSPs? Are people complaining over a bunch of nothing or are there real problems in how (ISC)2 serves the community?While we’re at it, what about the other certs and the organizations that administer them?Is the CISSP exam fair and kept up to date to reflect changing technologies and threats?Speak up, please.–Bill Brennerone-stop view of latest business threats. We created it for you! Bookmark it! Use it!CSO’s Daily Dashboard gives you a Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe