Good for another three years (CISSP-ISSAP, HCISPP)

beads Member Posts: 1,533
This morning I received the official emails, four altogether, stating that I have passed my CPE credits for all three certifications, paid my AMFs for the next three years and as an ADDED BONUS... You can now carry up to 40 credit hours over from your last six (6) months of submitted CPEs.

That last comment is important as many of us submit more than enough credits over the three-year period to re-certify. Carrying those 40 hours will make a nice dent in this year's new requirements nonetheless.

This ain't my first rodeo, thanks, nor my first re-certification with the ISC2.

Wishing all current cert holders the best of luck but keep your audit trails up to date.

- b/eads

Comments

  • dou2ble Member Posts: 160
    I did not see the carryover announcement. Thanks for posting.
    2015 Goals: Masters in Cyber Security
  • beads Member Posts: 1,533
    @dou2ble;

    That's why I am posting it here without copying and pasting the direct quote. Which of course would be naughty and probably get me into some sort of administrative trouble with ISC2. I've been plenty hard enough on them already this year with the annual survey "of things we should be doing better but would rather survey you about..."

    - b/eads
  • colemic Member Posts: 1,569
    Free country, beads! I'd like to see the exact wording as well - this was a huge peeve with people earlier when they first announced the changes.
    Working on: staying alive and staying employed
  • beads Member Posts: 1,533
    colemic wrote: »
    Free country, beads! I'd like to see the exact wording as well - this was a huge peeve with people earlier when they first announced the changes.

    "CISSP credential holders will only be able to rollover up to 40 Group A credits earned in the last six months. These CPE credits will now be eligible to satisfy the annual CPE requirement for the first year of the next cycle to the member’s base credential."

    Since it's colemic's free country. Satisfied or do you need all four emails to include transcripts so you can take your time and understand everything involved at your own pace? Don't worry, it's self study.

    I still believe this is one of those exams that is more worthwhile to those who don't have it than to those who have. After 9 years I will probably allow this one to expire and see how the market reacts.

    - b/eads
  • beads Member Posts: 1,533
    As for huge changes? Really? Hardly worth noticing. Just do your CPEs as normal and you should have more than double what you need, don't you think? Maybe thinking is too much here. The real effort isn't in submitting the CPEs - it's keeping the audit trail clean and ready to go for three years. Then again... I am definitely of the persuasion that EVERYONE should be audited, every year by timestamp.

    Perhaps the new requirements will thin out the herd a bit.

    - b/eads
  • dou2ble Member Posts: 160
    beads wrote: »
    I still believe this is one of those exams that is more worthwhile to those who don't have it than to those who have. After 9 years I will probably allow this one to expire and see how the market reacts.

    - b/eads

    That's bold. I don't think I'd be willing to do that. Don't want to sit for a 6 hour test again. lol!

    In another discussion you mentioned you're going for CRISC. I'm curious to know why. I grandfathered in but haven't found much value in holding it. What am I missing out on?
    2015 Goals: Masters in Cyber Security
  • beads Member Posts: 1,533
    Truth is I don't see much value to most certifications anymore. I do derive value by making myself take the exam as a way of gauging my own expertise in a given field. CRISC in actual practice is more of a specialization of the PMP with an IT concentration. In other words, pretty simple if you're familiar with the material. Why certify? Really only needed if you're contracting or consulting in the field. Otherwise, don't bother. The DoD has been the biggest proponent of certification and have made a mess of the field. Like much of what the Government touches, turns into a bureaucratic nightmare.

    I've met far and away too many folks who have passed an exam trying to get their foot in the door or security industry. The certifications have become a bit passé, to say the least. Just read this board and you'll get the overall idea that there are too many people willing to **** the requirements and "achieve" a credential, usually the CISSP, at any cost. Not to make this sound only about myself but I do feel at times to be the only person around who is offended by the whole paper tiger/paper CISSP. It's really just the latest in a battery of abused tests starting with the Certified Novell Engineer (CNE) of years past. Show me a hands on lab based exam for security and it'll have some credence. Otherwise, welcome to the brass ring of security club - useless as many I have met.

    Cheaters that hold the CISSP do the current holders absolutely no good as the reason for the certification has been nullified by a bunch of get rich quick, carpetbaggers. Cut the dead weight loose and expose them for what they are - frauds. Why bother keeping a certificate going after a decade if your perception is more negative than positive? The ISC2 does not appear to be able to govern itself let alone the obvious fraudsters not to mention the CISSPs that sign off on these people. Noble intent but let's be realistic here - it's not working as intended.

    Unless employers are adamant about having a "current" piece of paper that has been recertified three times, I'll be inclined to drop it and cruise or move to the next hot cert before it's hijacked. I could do this test in about 90 minutes if pressed to do it again, so that's hardly a big loss. It's really an easy test once you have the experience.

    - beads
  • dou2ble Member Posts: 160
    I do agree that it has become watered down but when reviewing resumes it has helped provide some separation and distinguish certain individuals when calling in candidates. Experience plus the cert is better than no experience plus cert or experience but no cert. I think what we need is a certification with a difficulty level between the CISSP and GSE (This might be too technical so bad example). Maybe that's what the CISSP concentrations are supposed to be. The ISSEP was a real challenge for me and I'd say 4 times tougher than the CISSP. 3 months studying compared to 1 year (off and on because it was too much to remember).

    You used to really need security experience to pass the CISSP but I've seen non-IT pass it now. That's a joke! A technical writer that I know passed it first try. It's not supposed to be a cert to get your foot in the door. It's supposed to show you're already in and on the dance floor with both feet. What if they added an interview portion to the test? You'd be drilled on every domain with specific questions that any CISSP should be able to explain. For example I know many who passed but can't explain cryptography or access control. If you can't teach it then you don't know it...is my opinion.
    2015 Goals: Masters in Cyber Security
  • beads Member Posts: 1,533
    @dou2ble;

    In there lies the problem. Non-IT people, not even IT security people are passing a test once designed to be a mid-career confirmation of years of work experience. "Watered down" does begin to describe the exam at this time. The CISSP is now a basic entry level exam and, at least for me, treated with much more suspicion than in the past.

    Met people similar to your example of the tech writer turned CISSP, overnight. Many. Too many as of late. Blame the media hype; past ISC2 leadership; and certainly your fellow CISSPs who will lend credence (endorsement) to anyone who asks. Now as to the why it's E-A-S-Y to pass this test with little more than a pulse and two firing neurons? Go to Amazon and type: CISSP. I received 822 hits. There is more than enough material to spoon feed anyone enough pablum to pass this test. Let alone two to five attempts. Five? Really?

    It can still be on my resume as retired. I do with other older certs or items I don't bother with like the PMP, et al. As with all the other little pieces of paper that I own, all are kept in a neat manilla folder with the rest of them. If an employer wants to verify by paper, they are free to peruse the entire pack. Most don't and the CISSP is becoming shockingly common enough where no one will bother checking for credentials anymore. No one has ever taken me up on the offer though I have shown people the impressive stack in person and in interviews if they are adamant on certs. Why bother?

    Certs have become the new entry level credential for job seekers and we are all at fault.

    - b/eads
  • gespenstern Member Posts: 1,243
    @beads

    I'm not sure what exactly you are complaining about.

    Yes, there are plenty of materials out there to prepare anyone who can hold it. Books, lectures, bootcamps. Is it a problem? Are the CISSPs supposed to pass the exam only based on their experience and not books, in your opinion? Still, e.g., AIO is a huge and very technical book that you have to read and understand what you've read. I, personally, don't necessarily buy what you've said about some person who has no clue about cryptography but still passed the exam.

    Are you complaining about CISSP being overcrowded (around ~60k inside the US)? Yes, even if we assume that every one of them is really qualified, the value of the cert goes down each time someone passes it and crowd gets bigger. Eventually it may drop to zero value when everybody in IT has it. But it's a nature of any other exam out there or even any higher education. Don't know if it is worth complaining when the problem clearly can't be solved.

    (ISC)2 does a good job of producing new questions and flushing old ones, it successfully fights brain **** out there. E.g. MS exams are much worse in this aspect.

    Do you have anything to suggest here? Maybe increase the number of questions to 1000 and time from 6 hours to 12 to make sure that every cryptography aspect is covered each time and a person who has no clue can't sneak in? Or maybe waste CPE idea and force everyone to pass it again every three years?

    Plus, IT develops, okay. I could have landed a good job in 2000 if I knew active directory and knew how to migrate NT 4.0 domains to AD. Now it's a must to know AD these days and on a pretty advanced level. In general, knowledge loses its value over time, provided that more and more people become knowledgeable.

    And mankind hasn't developed so far any other means to assure someone's level of education but formal assurance. Everything and everywhere in education works that way. One person can read and practice everything, another can just do bare minimum to pass tests and both graduate. That's why technical interviews exist each time you apply for a decent job: because your diplomas/certs just make sure that you pass thru infamous HR filter, but after that you have to prove yourself because nobody trusts your diplomas and certs 100%. You can easily find threads on forums claiming that higher education sucks these days, losing value, blah-blah. It's just the same story here.

    And that happens all the time unless people know each other personally on a very deep level. But that's impossible to know each other person out there on that level. That's how human society works, telepathy doesn't exist and we have to rely on formal methods to quickly assess someone's proficiency, especially if we can't evaluate the person by ourselves. That's where certs and diplomas play their role.

    CISSP is not a magic bullet and it shouldn't be perceived as a measure of everything in cybersecurity. It's just another cert that shows that a person who passed it has some degree of knowledge in 10 domains. That's it. And BTW not necessarily all 10 domains, but just enough to pass the passing score.

    After all, many cybersecurity professionals don't have practical knowledge about, e.g., electronic security, never designed physical access control and don't understand how to design a good CCTV system or fire suppression and have purely theoretical knowledge about that. Do you want (ISC)2 to put you in the field, read the manuals and datasheets and assemble a CCTV or fire suppression system from scratch? Or you are okay with your theoretical knowledge? Or you would argue that they should **** fire extinguishers and fire classes from the exam?
  • colemic Member Posts: 1,569
    Dang dude. No, I don't need to see your transcripts. :) You curmudgeon you.

    Regarding the changes, I believe that when they first announced changes to the CPE program, people were gritching about NOT being able to roll over ANY CPEs from year to year. Personally I have no problem whatsoever with collecting (and documenting) a voluminous amount of CPEs every year.

    I can see why you think it has more value to those without than those with, but you know what? It's gotten me past HR before, and that alone makes it worth maintaining for me. I really don't care about the cert all that much, except for its magic ticket qualities - I don't use it to quantify someone's expertise in InfoSec. When the value I get from it changes, then I will look at whether or not I want to keep it.
    beads wrote: »
    "CISSP credential holders will only be able to rollover up to 40 Group A credits earned in the last six months. These CPE credits will now be eligible to satisfy the annual CPE requirement for the first year of the next cycle to the member’s base credential."

    Since it's colemic's free country. Satisfied or do you need all four emails to include transcripts so you can take your time and understand everything involved at your own pace? Don't worry, it's self study.

    I still believe this is one of those exams that is more worthwhile to those who don't have it than to those who have. After 9 years I will probably allow this one to expire and see how the market reacts.

    - b/eads
    Working on: staying alive and staying employed
  • beads Member Posts: 1,533
    @gespenstern

    You seem to be either glossing over my "complaints" or ignoring the assertion altogether. Consider these observations...

    If you've read anything I have posted on the CISSP on this and many other boards is the lack of standards being adhered to. I have literally met dozens of "CISSPs" that have openly admitted not being qualified to sit for the exam. Many in the interview room. If this is what the CISSP is today, it's simply no longer valid as a measure of competence. Thus like any other "hot" or in demand exam becomes outmoded and less and less valued. This is why the CISSP should be considered to be an entry level exam, though ISACA is coming out with a new 0-3 year exam this month if I recall.

    Second, go through and read this board in particular. All too often you read of people who clearly are not able to meet the spirit of the rules to sit for the test but have some flimsy or light connection to security. Why the sudden urge to become a CISSP? Well, there was a time when it was an instant job. Maybe it still is today. More fraud doesn't do the security industry much good if you can't trust the people in security in the first place. Ethics aside and perhaps real industry knowledge by all means get certified. I will not hire you because you have certificate, no ethics or integrity, let alone any real knowledge of the field you're "certified".

    I know this sounds like a rant to many new people either wanting into the field or those who have just gotten their certificates but fact is - been dealing with frauds most of my career. Decades worth of constant frauds. The older you get the less tolerant of some shortcomings you tend to become. I am hardly the first. Most people just see this exam as the ticket to a job without experience, ability or clue as to where the power button is.

    You indicate that I have no recommended action(s). Yes, I have repeatedly said everyone should be audited. First when they are to be awarded the exam and every renewal cycle. Existing CISSPs should be taken out of the endorsement business - obviously someone somewhere isn't capable of actually vetting people properly or I wouldn't meet these idiots in the first place.

    Go farther yeah the exam should be more akin to the CPA or legal Bar exams. Several days and or an oral dissertation in front of a board. Degree in a related technical field with transcripts, blah blah. Though I think it's a serious mistake to get a degree in "security" when it may not be around in a decade. At least not anywhere in its current form. Sounds like getting a degree in tie-dying art. A bit of a fad but still doable. For now its all marketing hype and the ISC2 has met the increasing demand for paper practitioners. If you can memorize - you can pass. So much for the last P in CISSP, huh? Much like Cisco getting into trouble referring to CCIE as "Engineers". Doesn't quite make the definition of "professional" either but I digress. Practitioner yes, professional no.

    Your arguments only enforce the inherent weakness of the entry level nature of the certification.
  • gespenstern Member Posts: 1,243
    @beads

    So, in the bottom line, what you're saying is, if a person has no experience, but has read a book or two, understood concepts properly and passed the exam successfully, then it is a fraud. At least, I haven't heard anything about other types of fraud from you.
  • beads Member Posts: 1,533
    @gespenstern;

    Yes. When you present yourself as having five years+ of Infosec experience, promise to abide by the code of ethics and feel free to tell anyone who cares to listen that you "made something up" to get the credential. Yeah, I have no problem calling a spade a spade and a club a club. That person is indeed a fraud and a discredit to the industry, unworthy of either respect or trust.

    If I cannot trust the security team because they got there by lying. I have no need for the security team in the first place. /s A most excellent catch, thank-you for the insight. /s

    - b/eads
  • gespenstern Member Posts: 1,243
    @beads

    Got it. So the problem, if I get it right, isn't exam itself, but the fact that some people aren't satisfied with associate status and forge their resumes and find some CISSPs who don't pay much attention to background and endorse them, or they do endorsement on their own with resume only. Abiding to code of ethics makes things worse because it means that they deliberately and consciously lied for personal gains and screwed public interest, acted not honorably and so forth.

    Yeah, I agree. That's bad and that's a problem.

    What about complaints to (ISC)2? I think if I have found for certain that someone violated code of ethics, I should send a complaint because otherwise it wouldn't be in best public interest, etc. And I think I certainly will if I come upon such an individual. Public interest is not an empty word for me and I hate injustice.

    I've read some stories about some guys trying to complain about some other guy's plagiarism and it didn't work out. But I don't know anything about this situation first hand so I'm not sure. But if we assume that (ISC)2 doesn't give much sh!t about violations in order to pursue profits then yeah, I would certainly be as depressed as you about this cert and would be thinking about dumping it in favor of something else.
  • dou2ble Member Posts: 160
    @beads

    Got it. So the problem, if I get it right, isn't exam itself.....

    I think the exam itself is part of the problem too. Technical writers with no experience in IS or IA shouldn't be able to pass the CISSP. It was actually me that said one could pass without really knowing the Cryptography domain. Bootcamps tell you what you need to know but if you asked that student to get up and teach it, even if just a high overview, they wouldn't be able to. This is one big reason I appreciated studying for the ISSEP. You can't fake through this one. You have to draw it ALL out in your head to pass.
    2015 Goals: Masters in Cyber Security
  • kalkan999 Member Posts: 269
    Beads,

    AS usual, I both agree with you, and disagree with you. Took me three tries for this test as you know, coming VERY close each time. My reasons for tanking the first two tries had less to do with lack of skills and knowledge, and more to do with confidence, anxiety, AAAAND that I, like others, stubbornly took this test answering the questions as a technician might versus a manager. I had exposure to being a manager prior to, but not really to the extent that I could answer some of the questions based on my actual experience as a manager.
    There are many cheaters out there, and there are ways to find that out quickly. i.e., phone screen followed by Skype or GoTo meetings or face-to-face meetings. Padding up a resume' in today's world will get you 'outed' pretty quick as the 'carpet bagger' or 'paper tiger.' There are a great many people who are not extremely tech savvy who are taking and passing the CISSP because they are sharp enough to grasp the concepts of the domains.
    I ask that you don't marginalize some of these certs, because they are hard to get for a lot of really smart, capable and 100% DEDICATED people. Unfortunately, society is rife with those who **** the system, and ISC2 does a better job than most to try and deter cheating, but nothing is fool-proof. But getting a cert the right way, as in, the way that MOST people here strive for, is an achievement I would never dream of taking away from people. Please consider that a lot of men and women sacrificed their family lives, hair loss, sleep deprivation and general stress associated with taking this exam.
    I am not 'offended' by your remarks, as you have made them in a number of posts before, and I am always there to try to offer a different and dissenting opinion. You are right that cheaters SUCK, and they mess it up for the rest of us in a lot of ways, and run the risk of turning CISSP into the NT4 and Windows 2000 MCSE, but we aren't there yet. So in the mean time, let businesses who have smart people working for them root out the cheating carpet baggers during the vetting process before they are hired. I, too, have met useless people with certs who slip through the cracks, but in this case, one or two bad apples do not spoil the rest of the batch. I know a LOT of really great CISSPer's and associates, and ISSEP, CSSLP, etc., and they are upset that people get their cert in unscrupulous ways. However, Beads, such is the case in just about every field of study, sans the advanced sciences and engineering.
    Yes, a lab environment would be preferable, BUT that is a difficult undertaking considering the fact that ISC goes out of its way to NOT be vendor specific, which means that the dilemma is 'what vendor products does one use in the lab portions of the test/s without the other vendor/s crying foul for not using their product/s instead?'
    Aspiring CISSP and other Information Security certification pursuers: Stay the course. These certs are valid and useful if you use them correctly to move you and your career forward. ISC will be the first to tell you that getting your CISSP is a first-step into a long and profitable career. Truth be told, the US government requirements for DoD 8570 might limit your advancement, but there are even avenues in that realm where you can excel and rise above the rest.

    -Kalkan999
  • E Double U Member Posts: 2,240
    kalkan999 wrote: »
    Beads,

    AS usual, I both agree with you, and disagree with you. Took me three tries for this test as you know, coming VERY close each time. My reasons for tanking the first two tries had less to do with lack of skills and knowledge, and more to do with confidence, anxiety, AAAAND that I, like others, stubbornly took this test answering the questions as a technician might versus a manager. I had exposure to being a manager prior to, but not really to the extent that I could answer some of the questions based on my actual experience as a manager.
    There are many cheaters out there, and there are ways to find that out quickly. i.e., phone screen followed by Skype or GoTo meetings or face-to-face meetings. Padding up a resume' in today's world will get you 'outed' pretty quick as the 'carpet bagger' or 'paper tiger.' There are a great many people who are not extremely tech savvy who are taking and passing the CISSP because they are sharp enough to grasp the concepts of the domains.
    I ask that you don't marginalize some of these certs, because they are hard to get for a lot of really smart, capable and 100% DEDICATED people. Unfortunately, society is rife with those who **** the system, and ISC2 does a better job than most to try and deter cheating, but nothing is fool-proof. But getting a cert the right way, as in, the way that MOST people here strive for, is an achievement I would never dream of taking away from people. Please consider that a lot of men and women sacrificed their family lives, hair loss, sleep deprivation and general stress associated with taking this exam.
    I am not 'offended' by your remarks, as you have made them in a number of posts before, and I am always there to try to offer a different and dissenting opinion. You are right that cheaters SUCK, and they mess it up for the rest of us in a lot of ways, and run the risk of turning CISSP into the NT4 and Windows 2000 MCSE, but we aren't there yet. So in the mean time, let businesses who have smart people working for them root out the cheating carpet baggers during the vetting process before they are hired. I, too, have met useless people with certs who slip through the cracks, but in this case, one or two bad apples do not spoil the rest of the batch. I know a LOT of really great CISSPer's and associates, and ISSEP, CSSLP, etc., and they are upset that people get their cert in unscrupulous ways. However, Beads, such is the case in just about every field of study, sans the advanced sciences and engineering.
    Yes, a lab environment would be preferable, BUT that is a difficult undertaking considering the fact that ISC goes out of its way to NOT be vendor specific, which means that the dilemma is 'what vendor products does one use in the lab portions of the test/s without the other vendor/s crying foul for not using their product/s instead?'
    Aspiring CISSP and other Information Security certification pursuers: Stay the course. These certs are valid and useful if you use them correctly to move you and your career forward. ISC will be the first to tell you that getting your CISSP is a first-step into a long and profitable career. Truth be told, the US government requirements for DoD 8570 might limit your advancement, but there are even avenues in that realm where you can excel and rise above the rest.

    -Kalkan999

    It was great to read this with my 3rd attempt coming up.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • beads Member Posts: 1,533
    It's true. I am sure that if I were to ask the same question on a Financial Planners board or Certified Arborist, etc you'd get much the same effect if not the same or similar complaints.

    @Kalkan999

    I am not offended by any means and familiar with the background and story. Will say you are the personal realization that the CISSP is an experience based exam. Others think of it as some sort of management exam when there is clearly nothing you'd learn in business school or we'd have an even bigger problem on our hands. LOL.

    Don't feel guilty about not passing right away. It's about how well you take a psychometric test more than the actual words on paper or screen. Ummm...! Oh yeah still prefer the paper test but you already knew that as well. (*wink*)

    As far as outing these fine, smart folks. You bet I do. Had one nearly in tears before leaving the interview room last week. Fraud, more fraud, even more fraud. Took me a good 10 minutes to set up the final blow. Was mean? Yes. Was it necessary? No, but neither is the inherent waste of my time as well. Am I a "mean" person? Not by trait - much the opposite by nature. But lie well enough to get by the first few steps and make it to me and be unprepared for wrath? No. Too many times and I have heard the stories all fall apart quickly like proverbial dust in the wind. I seriously dislike liars and frauds - particularly within security. Starting off with a set of lies in this field and you want me to still trust you? Get real. That's what the "profession" or practice is all about - trust.

    My personal prediction is that in a couple to few scant years we are going to look back at the next wave of CISSPs and realize that the ISC2 has been lowering the requirements over these past few years to make the market. Not naming names but if you read some of the past quotes such as: "I (or we) need to find another two million CISSPs in the next couple of years..."

    Ummm,... yeah. Two million? Do they have to be experienced or just able to carry the sign that says "qualifed CISSP" will work for food... errr, whatever.

    Easier and easier to get and maintain your CPEs, the quizzes have become easier and easier and there are now more ways of obtaining those CPEs than I thought imaginable a decade ago. "What me worry..?" Nope. Personally, I take my cue from others before me and differentiate by the test number. The lowest number wins, by the way.

    Take care all.

    - b/eads
  • gespenstern Member Posts: 1,243
    dou2ble wrote: »
    I think the exam itself is part of the problem too. Technical writers with no experience in IS or IA shouldn't be able to pass the CISSP.
    There's no way to distinguish in a computer-based testing purely theoretical knowledge from knowledge derived from practice. At least, I'm not aware of any. So if someone studied and understood concept and passed the exam -- it is okay. It confirms that this certain guy knows theory on at least 700 out of 1000.

    Again I would suggest to apply 'one with no experience shouldn't pass' concept to electronic security and fire systems. How many CISSPs out there have on-hands experience in these domains?
    dou2ble wrote: »
    It was actually me that said one could pass without really knowing the Cryptography domain.
    Sorry for not recognizing that...
  • beads Member Posts: 1,533
    Yeah, that's why it's next to impossible to solve the conundrum by exercising ethics. Problem is since there's a job in it for someone, ethics generally takes a back seat. With the information available or similar field it should be all but guaranteed that you should be able to pass nearly anything. Series 7? Sure! Ethics? Probably not. But there is more than enough information out there to get you through the exam. Only true professions, MD, legal bar require a formal, recognized degree program from an accredited institution, etc. Frankly anyone can call themselves a "Security Professional" and do so quite legally. Nothing stopping you but that last mile: ethics. That we have quite the defined shortage of ethics is a stunning understatement.

    And no one has the perfect hands-on background in security to pass this exam. That has always been understood as part of the exam. When I took the exam I'd say I would have been close performing all ten domains plus audit and management for many years as a stand alone IT and Security "team" for a near mid sized business (over 100 employees). Likewise, I am not a lawyer but have no trouble with the legal and regulatory sections. Next to physical security it's the easiest domain for me to keep up on. Everyone has their strengths and weaknesses.

    Haven't seen anyone refute the fact that the ISC2 is making the exam easier over the past few years. Stop complaining before we have to issue certs for an application fee only. Sure that will be next.

    - b/eads
  • dou2ble Member Posts: 160
    You're supporting my argument for why the current test questions and testing methods are failing.

    One with no experience in any of the domains should not be able to pass this test. One with experience in at least a few of the domains should be able to pass. The Security + is for entry level. Is it really ok to only have to study for a test that markets itself as for "Managers" and be able to pass with no experience? You're saying it is ok, so which security cert should managers and CIOs have? Shouldn't they be more knowledgeable and attain a higher cert than entry level?
    2015 Goals: Masters in Cyber Security
  • beads Member Posts: 1,533
    @dou2ble;

    That is the conundrum isn't it? How do we as a community vet our knowledge, exams and last but not so improbable, measure the ethics involved? My "King for a day speech" basically revolves on one of the main tenets of a profession in the first place - self regulation and the application of ethics. If people in the security industry we'd, of course have no vetting difficulties like we have today. (*Cue drum roll and cymbal*)

    This leads me to not only mistrust but NOT trust security people in general. From what I have seen and met, the majority have taken some "significant" shortcuts in getting to where they sit today, career-wise. Interviewed dozens of candidates in the past couple of years. Most haven't been worth the effort to formulate a complete sentence in response to their ineptitude when it comes to knowing anything but a few theoretical ideas or basically come across as proud graduates of some "Blab-blab school" (Blab school - Definition and More from the Free Merriam-Webster Dictionary)

    In essence, dou2ble. I feel ya. I don't know how to fix it. Clearly, it bothers me a great deal otherwise I wouldn't sound so preachy on this board. Suggestion box is open.

    - b/eads