[Owasp-ireland] CISSP

Gary Newe G.Newe at F5.com
Tue Aug 25 08:15:10 EDT 2009

Hi Guys,

As a CISSP for over 4 years now, I agree with some of the points.
It is an established baseline (a low baseline) of knowledge about security in general but gives someone a broad view of what is required. Also, the fact that you need experience before you are eligible is good.
In my opinion it is more a door opener and brings with it a level of credibility when I am meeting clients. It does not mean that I am an expert but I understand enough to know when to call in the experts, which is very important.
Regarding keeping it up to date, I agree with Mary: you don't really get value for money for the AMF, and the CPEs can very easily be created, and I have never heard of anybody being audited yet.
As regards advancing a career, it certainly helped me, but my background has always been network security so it was a logical step. I think in places like the US and possibly the UK the CISSP has more weight and is held in higher regard by employers, but as with anything, if you hire based on a qualification only you are heading for trouble.
Think of it like PCI: it is a low baseline, it will do no harm, but it is by no means the be-all and end-all of security. At the end of the day it is really a memory test, but at the moment I think that it is the best we have.

That's my 2c.



From: owasp-ireland-bounces at lists.owasp.org [mailto:owasp-ireland-bounces at lists.owasp.org] On Behalf Of Browne, Mary (GE, Corporate)
Sent: 25 August 2009 12:39
To: Eoin; owasp-ireland
Subject: Re: [Owasp-ireland] CISSP

Hi Eoin,

I am a CISSP, certified in August 2007.

It is interesting that you brought up such a subject at this point as I frantically struggle to maintain my annual CPEs. (I don't suppose you fancy having 6 hours' worth of chapter meetings in the next 7 days?) I am beginning to rethink the merits of actually maintaining the certification.

At this stage 80% of my CPEs are from podcasts. So for my AMFs, what does ISC2 do for me?

According to its official website:

"In a world full of security threats, the need for skilled, knowledgeable information security professionals has never been greater..... Certification by a respected accreditation organization is becoming indispensable to the information security professional. ..... credentialed practitioners have a higher earning potential, as well as greatly expanded career opportunities."

Is there a market for CISSPs? A quick search for the key word in Irish Jobs returns 5 hits. The same search for 'Business Analyst' returns 5949 hits.

Late last year, while job hunting, the only 'CISSP desirable but not essential' role I was offered was as a glorified DBA with a not very glorified salary.

So the cycle continues: I take the Project Management and Business Analyst roles, moving further and further away from gaining the 'Industry Experience' required for a CISSP-aligned Security role, and practice IT Security in my 'spare time' to retain my certification.

Any arguments in favour of the CISSP as a career advancing certification would be greatly welcome!


From: owasp-ireland-bounces at lists.owasp.org [mailto:owasp-ireland-bounces at lists.owasp.org] On Behalf Of Eoin
Sent: Tuesday, August 25, 2009 10:07 AM
To: owasp-ireland
Subject: [Owasp-ireland] CISSP

Dave Lowry and myself were discussing the merits of having CISSP.
I believe it is useful from a credential perspective but does not imply skill or aptitude for security in general.

May I ask who is CISSP and what do they think of its usefulness and relevance?

BTW, every hour in attendance at the OWASP event on Sept 10th is worth one CPE credit towards your CISSP or CISA.



OWASP Code Review Guide Lead Author
OWASP Ireland Chapter Lead
OWASP Global Committee Member (Industry)
