The UK’s designated national agency responsible for providing information and expert guidance on qualifications (UK NARIC) recently announced that the Certified Information Systems Security Professional (CISSP) credential offered by (ISC)2 is rated as being RQF Level 7, and equal to a particular level of a Master’s Degree.  This declaration is not without precedent.  It follows the announcement made by a similar assessment organization in the US that granted college credit eligibility for six (ISC)2 credentials.  One would expect that this would cause a cheer in the InfoSec community.  Well, not so fast there, cowboy.

It turned out that the UK NARIC announcement caused an equal amount of groaning as well.  Cries of “Total Bullocks”, and even more colorful language, were shared across the social spectrum.  Those who completed Master’s Programs were outraged.  Others, who knew of people who passed the CISSP exam “without studying”, were equally dismayed.  This quickly became a heavyweight bout in the making.  Or is it just another day in InfoSec?

Certification bashing has been taking place for many years, so it is not surprising to see it continue.  Some highly qualified individuals in the InfoSec profession have often made their feelings known about the value of a certification.  Now that universities are offering Master’s Degrees in Cybersecurity, it just adds to the rabble.  However, is all this anger misplaced?  Does it serve us well as a community?

The most disturbing part about this kerfuffle about a Master’s Degree versus the CISSP, is that it occurred on the same day that an article ran in this publication about the CyBOK project.  CyBok is the Cyber Security Body of Knowledge Project.  It is an 800+ page document (Read more...)