CISSP Lapse

I am not even sure I should be asking this here, but I am on the fence on whether or not I should let my CISSP lapse.

I have had the cert since 2004 and it is currently up to expire next summer. I know that it is easy to maintain, but only if you are in a security position, which I am not longer in. By next summer, I will be lacking 40 A type credits, which means I will have to devote time that I don't really have to a cert that I don't currently need.

My thinking is that I can still put it on my resume as expired and I have a good answer to why I let it lapse. I think I spent enough time in security and will not actively seek any security jobs, esp mgmt ones.

I guess I'm really would like to hear that I am not a crazy fool if I let it lapse, but maybe I am.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

dynamik

Just curious, what type of work are you doing now? It seems that having a big one like that on your resume would look good and help set you apart from other candidates. Even if you're not in a security-centric position, being able to demonstrate you also have a solid background in security might prove to be beneficial.

JDMurray

Given the importance of the CISSP in getting InfoSec jobs, this is a major career decision for you. Letting your CISSP "in good standing" status lapse will not only rid you from the task of collecting the CPEs, but will also save you the $85/year in AMF. Putting "CISSP (EXPIRED)" on your resume is the ethical thing to do; it is quite likely that many employers who look for "CISSP" may not care that you are no longer "in good standing." If you encounter an opportunity in the future that requires "in good standing" status, all you need do is pass the CISSP exam again and you'll have it back. The endorsement may not even be needed because you were previously endorsed for your work experience.

All that being said, you'll need to make this decision about your career direction yourself.

Cyanic

I started my carrier in Security but went to school for networking. I am currently a Network Analyst and I work closely with IT security; I do a lot of monitoring, troubleshooting and packet capture and analysis.

I am studying for my CCNP and also have other things in my personal life that makes it difficult to devote the amount of time required to keep the cert. I went though this the last time, 2007, and paid for and attended a Jr College IT Sec class just to get my CPEs. I would have to do something similar again. I really don't mind the $85 fee.

I most definatly would put "expired" next to it. I have a great skill set so I would hope that would trump an expired vs current CISSP, but you never know. I still have a year before it expires, so I am not putting anything in stone quite yet.

shednik

I'm not sure what classifies what CPE type is what but if i had to get 40 and they matched up to the correct type I'd say this is the best way to go.

Penetration Testing Training and Certification - BackTrack Training

JDMurray

I don't know how many Type A CPEs they give for attending a security class. It'll either be by the hours attended or by the credits earned. I just attended a four-day security conference and claimed 24 Type A CPEs for my CISSP. Meetings, conferences, and symposium are definitely by the hour, so you can rack up CPEs fast by attending several free security events.

Cyanic

JDMurray wrote: »

I don't know how many Type A CPEs they give for attending a security class.

Its a 1 to 1. So if you attend the entire course, you get 16 weeks x 3 hours/week = 48 CPEs. You get no CPEs for study time, and I believe you have to pass the course.

UnixGuy

I really recommend you maintain your CISSP status. It can open up doors, even if your job is not directly in InfoSec, having a CISSP will definitely give you credit for higher positions, and It's not easy to pass the exam again I guess.

Cyanic

I just got to do a 4 day advanced Aruba wireless training. I just barely made it into the class.

I also may get to do Juniper IVE (VPN) training, 4 days also sometime within the next year.

Things are looking up for keeping the cert.