Dave Kennedy - Blog Post

g33k3rg33k3r Member Posts: 249 ■■□□□□□□□□

Comments

  • ErtazErtaz Member Posts: 934 ■■■■■□□□□□
    g33k3r wrote: »

    Nice:

    [FONT=&quot]What I’m working on personally:[/FONT]
    [FONT=&quot]One of the big ideas I introduced in Q1 and have requested feedback on from a number of members thus far was the ability for designations within the ISC2/CISSP realm. There are a TON of great certifications out there; for example, the ones that I hold highest still to this day are the offensive-security courses (OSCP, OSCE, etc.). Not just offensive, but also defensive ones as well. Folks that are QSAs, ISO certified, IR handlers, researchers, coders, and more. I think those should be recognized within your ISC2 portfolio and designations assigned to help focus your profession. I’m working on a presentation and document that I’ll share with everyone to present to the strategy committee first (which I am the co-chair on) as well as the board for Q4 on my recommendations. My goal is to have designations on top of the CISSP that allow businesses to determine their focus and skills quickly while providing a much needed backing to the CISSP. For example, having an OSCP plus years of experience as a pentester could give you an “Offensive” designation (don’t quote me on the words yet), so more of a CISSP-Offensive with having multiple designations. Maybe having a SANS defensive cert or even years of experience in a given area allows you a CISSP-Defensive or Expertise designation so you can hone your skills and show progress. This would be validated by ISC2 and reviewed to ensure you meet the qualifications and allow you to stay relevant in those areas.[/FONT]
    [FONT=&quot]An example:[/FONT]
    [FONT=&quot]David Kennedy
    CISSP-Offensive
    CISSP-Defensive
    CISSP-Incident Responder
    [/FONT]

    [FONT=&quot]For me, I would love to read a resume and show relevant experience associated with the skills that I know I’m good at. This doesn’t mean it will be implemented or will be done – it is still an idea and needs to be vetted out and pushed through the members to see if it’s a good idea. In addition, with integration with the digital end to end (DETE) project, it would be easy to identify/relate with others, job opportunities, and the ability to grow as an ISC2 member as you grow individually in your profession.[/FONT]
    [FONT=&quot]This isn’t just a CISSP thing either, ISC2 has a number of other certifications and great ones that continue to expand. Most folks know ISC2 from the CISSP but there are a number of other certifications that provide recognition and credibility based on level of experience and ability to go through the examination process. My goal is to focus on that progress and how to better build strategy around how to leverage existing certifications and new ones to better promote your knowledge and expertise. More to come on this soon, and I’m excited about it.

    [/FONT]
  • beadsbeads Member Posts: 1,533 ■■■■■■■■■□
    (*Hal computer voice says*)

    Sure Dave, just be absolutely rigorous in your vetting otherwise those skill based certs you mention above become nothing more but a more watered down version of the mess that has become the CISSP.

    - b/eads
Sign In or Register to comment.