Wednesday, September 5, 2007


Brother Andy sums up nicely the debate that has been happening on the Security Bloggers Network (see right column) about CISSP.

He also sums up most of what I think of the Cert:

  • It shows that the person is serious about security.
  • It opens doors. Even Australian immigration.
  • It is easy for headhunters to spot. And match up with.
  • The ISC2 is a problematic organisation.
  • CISSP is not for everyone.
Of course, I have my bit to add:

Terry Pratchett writes amazing stories with some deep concepts. One word he created (or at least a Witch of his Disk World created) is headology. Basically, a witch will never be caught without her hat because once the hat is on anything the witch does, magic or not, will be seen to have been done through the use of magic.

I believe the CISSP is our headology. For security people to be taken seriously we need the tools to make people we are serious and that includes (for better or worse) a professional organisation such as the ISC2 and a certificate of membership - the CISSP.

Having a CISSP doesn't make me very more knowledgeable about Information Security than the me before the exam but it does show that I am serious about Information Security and want to be seen as an Information Security Professional.

It also helps in Information Security debates to sign the extra little letters with a flourish. Headology.
Post a Comment