Articles of Interest for Security Practitioners

Is a Certified Information Systems Security Professional (CISSP) Certification Worth The Time, Money and Effort?

C.L. Freeman, CISSP-ISSAP

Information Technology (IT) Certification Programs have been around for quite a while.
Several started out with a bang and then fizzled out after a few years. The Data
Processing Management Association (DPMA) certification is a prime example. The
main reason so many Certification Programs have failed to maintain public /
private sector recognition comes down to one primary factor: they did not require
ongoing, documented “Skills Maintenance”. The “Certified
Information Systems Security Professional (CISSP)” certification, awarded by ISC2,
is designed to address this challenge.
After you pass the exam and are awarded the "CISSP" designation, there
is a mandatory minimum of points you must submit to ISC2 (every three
years) to keep your Certification.
The examination is tough and comprehensive. It requires on-the-job
exposure and a clear understanding of a wide range of security
technologies / concepts. There are prerequisites that must be validated by ISC2
before you are allowed to take the exam.
Don't assume a CISSP certification will suddenly “launch your career to new
heights”.
It will not help you with the most important skill you need: the
effective application of "Soft Skills".
For example, it won’t make you an effective leader or member of a Team. It
will not give you a better attitude about your company or your career. You still
need to acknowledge and actively manage your soft skills if you hope to
realize the full potential this coveted certification has to offer.
Once you have the Certification, you can let the certificate “hang on the
wall” or you can use it in a wide range of ways to benefit both you and
your company. CISSP certification can further your professional goals in many
ways you may not have considered. If you are willing to apply yourself, you can
positively impact not only your career, but the future of your company and the
careers of others. You can also have a positive impact on the Information
Systems Security Profession. Consider the following possibilities:
1. If You Choose, You Can Influence the Future of the Profession
You can help Professional Security Organizations communicate their message. You
can speak at Conferences, Symposiums, Leadership meetings at your company, etc.
You now have a credible voice and you can speak if you desire. You can
help ISC2 maintain their CBK Curriculum. You can actively influence the careers
of Junior Security practitioners. The opportunities to influence the profession
at your company and internationally are available, if you choose to seek
out and act on available opportunities.
2. Provides the Opportunity to Support Information Systems Security Organizations (Board Member, etc).
Joining Professional organizations is easy. Pay the fee and you’re a member.
You may want to get involved in your local security professional
organizations (ISSA, NCMS, etc). The CISSP designation gives you instant
credibility when you request “active” involvement in local activities. It
can also help if you choose to campaign for a leadership position on the Board
of one of these organizations.
3. You Add Value to your Company (this should be your Number One Priority)
Your “Value” to your organization should be the focus of all of
your efforts. Decisions made by management (concerning you) are influenced by
your real or perceived value to your company. You are responsible for
ensuring that your contribution continues to support the mission and goals of
the company. The CISSP Certification and your focus on effective maintenance of
it will only support the view that you are of real value to the company.
4. Recognition by Companies
Companies (and the Federal Government) are recognizing the value of the CISSP
designation. More CIOs and IT managers are requiring the CISSP designation for
their IT Security positions. This is evident for staff, middle management and
Executive level positions. Search any job site on the internet and you will see
the influence this Certification is having on Job Descriptions.
5. Recognition by Peers and Management
Recognition by Management has its benefits in terms of your job description /
responsibilities, future salary growth and surviving a downsizing or lay-off
exercise. It also helps with your working relationship with peers. They will
seek you out to gain your perspective on their challenges and approaches to
solving them.
6. Credibility if you Author a Paper or Give a Presentation at a Conference, etc.
The CISSP designation can immediately offer credibility to White papers or
Articles you write for Industry publications. You can also be asked to present
on Information Systems Security topics at various conferences, symposiums and
professional organizations (Local ISSA meetings, for example). Opportunities
like this don’t just happen. You must create them by your own action.
7. Keeps You Focused on Learning New Technology and Security Concepts
This is one of the most powerful features of this Certification. Maintenance of
your CISSP requires you to take a class, write an article, attend a conference,
etc. If you don't, you can lose the designation. Most certifications do not
require "Skills maintenance". You can focus your efforts on concepts
you have a handle on or take a risk and focus your attention on technologies or
processes you don’t feel confident with.
8. Increases Your Chances for Promotion
As mentioned before, this is only possible if you are taking care of the “Soft
Skills”. If you are, CISSP certification will increase your value to the
company; therefore, your company will likely consider you in their Leadership
planning.
9. Gives You a View of Where You are Strong and Where You are Weak
Everyone who takes the CISSP examination has admitted that they were strong in
various areas, but weak in others. Most are strong in areas that link to their
current job responsibilities. CISSPs now have a unique perspective on the
"scope" of technologies and concepts a Security Practitioner needs to
remain competitive. The CBK is a great roadmap for your professional
development plan. Focus on your weaknesses and continue to care for and feed
your strengths.
10. You Can Define Effective Training Plans for Your Staff
As noted above, you can plan your professional development
strategy to address your weaknesses. You can also provide effective training
plans for your staff and peers who have chosen Information Systems Security as a
career path.
11. You Can Teach or You May be Asked to Conduct Research
The CISSP credential will offer the opportunity to teach others what you know.
Your company may ask you to teach a CBK subject to junior personnel (to support
their preparation for the CISSP exam). You may be asked to teach a subject at a
conference or professional organization. As stated previously, these
opportunities don’t just happen. You must seek out all opportunities to keep
your skills sharp.