The view from the other side.

Many thanks to Wim Remes, (ISC)^2 board member, for sending me his view of the cert issue and for letting me post it here. DISCLAIMER: this is Wim’s own view and does not represent the rest of the board or the organization as a whole.

Hey there,

I do disagree on the CISSP being an entry level cert. It’s a pity it has been used by HR drones as a bar for selection because I honestly believe that was never the goal of the cert. With prevalence came expectations too high for a piece of paper to fulfill, or for an organisation to prove the contrary. In my opinion the cert, first and foremost, establishes a common vocabulary among professionals that allows us -even though from different backgrounds and with different focus areas- to talk the same language and understand eachother. The second part I believe the organisation does -not the cert itself- is support an ecosystem of professionals. This has been established through a revised strategy (member-focused instead of product-focused) last year and the establishment of our chapter program. This ecosystem relies on an influx of ‘new’ people and the support of ‘elders’.

While I respect your decision, I don’t think it’s the right one. In what we are trying to accomplish, people like you are elementary. And frankly, there is no other org that is positioned to even try this.

If anything, we need to work on communication. I do know that more than 50% of what I’ve written here is not commonly known among the membership and that is a very sad state of affairs.

We have done nothing but focus on preparing the org to go full force on the member-focused strategy, because it is the right thing to do.

Again, I fully respect your decision. Nothing I can do about that.


*** This is a Security Bloggers Network syndicated blog from Idoneous Security authored by Wendy Nather. Read the original post at: