C|ciso

So, EC Council is now taking applications for C|CISO - grandfathering. If you join the LinkedIn Information Security Careers Network Group, you can get a code for 15% off the certification fee.

https://www.eccouncil.org/ciso/join-now

I am a little ... irritated ... about this one, what exactly justifies a $200 ANNUAL fee? It seems excessively cost-prohibitive.

With the other fees I'm required to pay to ISC2, CompTIA, and ISACA, now another $200 per YEAR if i ever want to get the C|CISO? This is out of control. What next, a $500 annual maintenance fee???

It's getting to the point where the maintenance cost is going to be a deciding factor on future certifications, when I can't guarantee that my future employer(s) will always be willing to foot the bill for my AMFs.

Aside from that issue, I'm curious to find out from others - do you think this certification seems worthwhile?

Find more posts tagged with

Comments

swild

Unless I have an employer that insists on me having an EC-Council cert and is willing to foot the bill entirely, I will never pay EC-Council a dime. They really just seem to be in it for the money. Their website is a joke and they hardly have any information online about any of their products that you can buy through the site. Then there's EC-University or whatever they call it. They want you to pay how much without telling you anything about the program? I don't think so.

Falasi

based on my understanding of the domains for C|CISO , it covers part of many certifications: PMP , CGEIT , CISSP , CISA/CISM and finally no certification to cover Strategic Planning & Finance ( I can't relate the last section, they didn't also).

"Jack of all trades" is the first thing that popped into my head when I read domain exemptions. the question will be if the industry and HR will consider it this way or not. either way its too early to say.

my 2 cents~

JDMurray

I'm guessing the cost of this cert is based on the target market, which appears to be those people who are closer to the Chief InfoSec Officer level than those of us InfoSec people fighting in the trenches. The idea may be that businesses--not individuals--will be paying for this cert, its training, and its maintenance. ECC has to charge more to make profit because this cert has such a small target market as compared to lower-level, cheaper InfoSec certs, like the Security+.

Quantumstate

I considered CISO, but I'm going for PMP after I test for CEH this Saturday.

Do some research and get the certs that -pay-.

htebazile

Thanks everyone, I appreciate hearing different perspectives on this.

I am not interested in trying to be grandfathered in, and I don't think I will want it in the future, either. $200 per year, no matter who pays for it, is too much - it's not like you get anything tangible from paying the AMF. A former co-worker of mine is applying for the grandfathering though.

I would like to get the PMP eventually. I am about to start the WGU MS ISA on July 1st, so I will wait until I'm finished with that before I study for the PMP.

paul78

Don't forget the $350 application fee

I have never run into any CISO's or senior infosec managers that hold this cert. And I never heard of the certification before but thats not saying much.

Is the knowledge in their materials any good? I am curious if you have it or know folks with it. How if the cert received? Thanks.

the_hutch

htebazile, given that you already have CISSP and CISA, I don't think it would be a worthwhile investment for you. If anything, I'd say any EC-Council certification at this point would be a step back for you.

htebazile

paul78 - I believe it's a new certification recently created by EC-Council... that's why they are letting people be grandfathered.

the_hutch - thanks. I am going to get one more EC-Council cert as part of the WGU MS-ISA (CHFI) but after that I'm probably done with EC-Council.

SephStorm

JDMurray wrote: »

I'm guessing the cost of this cert is based on the target market, which appears to be those people who are closer to the Chief InfoSec Officer level than those of us InfoSec people fighting in the trenches. The idea may be that businesses--not individuals--will be paying for this cert, its training, and its maintenance. ECC has to charge more to make profit because this cert has such a small target market as compared to lower-level, cheaper InfoSec certs, like the Security+.

Just my view, they should be worried more about making the products they currently have better rather than making a new cert.

JDMurray

ECC sees an opportunity to grab a foothold in an emerging target market and they're going for it. That sounds good to me. It's the consumer public that will indicate to ECC if their product needs improving or not. "Adapt or die" is a credo of capitalism.

HLRS

i dont think it will become popular anytime soon by HR, CISSP is still on top.

Quantumstate

My post was removed, so the mod is allowed to talk politics, but I am not.He's lost all credibility as far as I'm concerned.

paul78

@JDMurray and @htebazile - do you think that market exists? I was going through their materials and while it looks interesting - it looked a bit wishy-washy.

@HLRS - In my experience, HR doesn't play a big role in deciding the hiring of senior managers.

@Quantumstate - huh? what politics? I think we were discussing the business of certifications and the value placed by individuals and companies that hire those individuals.

Quantumstate

As I say, my post was removed so of course it doesn't make sense.

afcyung

Honestly it looks more like a money making scheme than a legit certificate.

JDMurray

I honestly don't know if a market for CISO-minded people exists. If it does, it's a much smaller market than the one interested in certs like A+, N+, and S+. This means that all of the costs associated with a CISO cert will likely be much higher than the typical IT cert.

But these things are best discussed only by people who understand the difference between politics and economics.

swild

JDMurray wrote: »

I honestly don't know if a market for CISO-minded people exists. If it does, it's a much smaller market than the one interested in certs like A+, N+, and S+. This means that all of the costs associated with a CISO cert will likely be much higher than the typical IT cert.

But these things are best discussed only by people who understand the difference between politics and economics.

These are both excellent points. If they wanted to make as much money off of CISO level certs as they make off of the CompTIA level certs, they should probably charge at least 10 times these already outrageous prices. There are just so few C-Level execs that would even be interested.

I am doing my capitalistic part by not paying for ECC certs until they improve their entire organizational goal.

Quantumstate

Yep, condescending attitude here. No more contributions from me.

afcyung

JDMurray wrote: »

I honestly don't know if a market for CISO-minded people exists. If it does, it's a much smaller market than the one interested in certs like A+, N+, and S+. This means that all of the costs associated with a CISO cert will likely be much higher than the typical IT cert.

But these things are best discussed only by people who understand the difference between politics and economics.

The problem I see with the ECC cert is compare its cost to a CISSP-ISSMP. ECC 200 in annual fees VS 120 for a CISSP-ISSMP. The domains of the cert are similar and they are targeted at the same audience. an extra 35$ for ISSMP concentration is not much higher and its more recognizable. I don't see how ECC can justify their cost when you compare it to the ISSMP.

paul78

@afcyung - The expense really isn't going to be much of a factor to those that are seeking that certification.

The problem that I was having with the new ECC cert is that it's called CISO which just seems so pretentious and over the top to me. And the grandfather concept seems so odd. If someone is a CISO - they don't need ECC to verify their work experience, their resume and professional contacts is all that is needed. So that kinda leaves the question about who they think they can make money off?

I was thinking to myself as I was reading the ECC site - if I saw someone use the CISO designation in their title and they were a CISO would I chuckle? What about if I saw the CISO designation in the title of someone that was not a senior Infosec manager, would I then roll-over laughing?

How would you guys react seeing that designation?

@Quantumstate - I did see and read your posting which was removed. It really had no place in this forum which was why I was confused by it. I hope you do choose to contribute if you believe you have value to add. This community actually has people from all over the world and from all different levels who bring perspectives that allow all of us to grow as professionals.

afcyung

While I am sure you are right Paul78. It just seems that ECC is more interested in making money than improving the Infosec Community. I don't see how they can be competitive against ISC2 when their less known cert costs more.