Information Security Certifications: Is the CISSP Just a Badge, or Is it More?

07 January 2013
John Colley, (ISC)²

John Colley defends the merits of the CISSP exam and warns that it's not as easy as some think

The (ISC)² is a pioneer organization that, with its CISSP certification, has become the dominant international professional body for information security, and also the favored target for critics. As a board member, chairman for two terms, and now a member of the senior team, I have witnessed – over 14 years – the steady progress of our ability to respond to expectations. I have also generally found the critics’ opinions to be founded in myth and misunderstanding.

Personally, I succumbed to the biggest myth of them all: that the examination is easy for anyone with a modicum of experience. I chose to take the CISSP exam in 1998 when I had seven and a half years of experience and was convinced that I knew enough to pass it. I found the examination one of the toughest I have ever taken and finished it with no idea about whether I had passed. I did pass, however, and within six months I became an active advocate for the development of the information security profession. The existence of (ISC)², the not-for-profit body that developed my new certification, provided a facility for me to do so.

Since then, in contrast to critics’ claims, over time the examination has become more difficult as the amount of knowledge relevant to the discipline has exploded. Membership has grown, not because of a dumbing down of the examination, but due to a ramping up in the recognition of information security’s importance.

The myth that the CISSP is ‘all American’ is perhaps understandable as it is born in truth from the early days when the common body of knowledge upholding the CISSP was based on the experience of the then nearly all-American membership. It is worth noting that all (ISC)² certifications are a reflection of the membership. Currency is maintained by regular job task analysis (JTA) surveys and a rigorous process of confirming validity through external references. Our examinations are not the fabrication of a small, commercially driven group sitting in our US headquarters. Herein lies the root cause of why the CISSP has earned its standing. The early pioneers defined the practice and set the foundation for a profession with their collective knowledge and commitment to make it known.

Almost 25 years later, this process continues. Our most recent JTA injected the knowledge required of current technology topics, including cloud, social media and mobile computing. Test development reflects the collective experience of the membership, experience that inherently gets deeper as we grow to serve more people working from more countries.

Any qualification demonstrates commitment: the commitment to study for them; the commitment to maintain continuing education; and, in the case of our qualifications, the commitment to follow and abide by a code of ethics. All (ISC)² qualifications are accredited to the ISO 17024 standard, which requires they be a valid test of competency. Employers understand those holding these qualifications have made an effort to gain the base knowledge required of the discipline and are committed to continuing their professional development. This provides a good baseline for the hiring process. I would never suggest, however, this is all that is required.

Our members expect benefits that go beyond the mere possession of a qualification. They demand and receive support for their continuing professional education, but they also want recognition for the profession they have chosen and to have a voice in this community. As (ISC)² develops its leadership role, this is exactly what is being achieved. Members have the opportunity to be active in independent local chapters, increasingly influential regional advisory boards, and to participate in formalized ambassadorship programs.

I welcome criticism as a sign of our progress and a positive force pushing our development as an organization. We perhaps should do more to communicate this progress. All too often, however, it comes from those seeking to be seen as a rare or elite commodity, rather than part of a growing and valued community. At a time when many are beginning to voice concern over a skills shortage, such criticism appears ill-placed – but that is the stuff of another conversation.


John Colley, CISSP, is the managing director EMEA and co-chair of the European Advisory Board for (ISC)²
