RSA Conference 2014: Celebrating Milestones, (ISC)² also Revamps its CISSP Exam

Infosecurity sits down with Hord Tipton at the RSA Conference in San Francisco
Infosecurity sits down with Hord Tipton at the RSA Conference in San Francisco

Hord Tipton, former CIO at the US Department of Interior, and current executive director of (ISC)², has been affiliated in one way or another with the organization for more than 13 years. It was back in the 2001/2002 timeframe, when at Interior, that he asked is then CIO for a tool or certification that would allow him to better assess the practical skills of those working in the department.

“I didn’t know (ISC)² from the man on the moon”, the often jovial Tipton commented. “But the more I learned about it, the more I liked what they did.”

Back then, Tipton relays, it was “nice to have a CISSP” certification, but in today’s market – especially for most government security jobs – the certification has become mandatory.

We asked Tipton about requirements for taking the CISSP exam, and he assured us that any person off the street can’t test their chops against it. “You need a minimum of five years of experience in the industry”, he says. “CISSP is a minimum competency”, he reminds us. “It’s not the celling.” That’s why, to maintain the CISSP credential, recipients must obtain 120 CPE credits every three years for recertification.

And as the organization celebrates 25 years and closes in on the 100,000 member milestone, Tipton outlined the most comprehensive changes in the history of the CISSP exam. He said that the first phase of this transformation was completed in February, as the exam began moving away from multiple choice questions. Tipton expects that when the overhaul is complete, 40% of the material on the CISSP exam will be brand new, with more questions that emphasize monitoring and sections reserved for emerging technologies, including mobile, cloud, and forensics.

“Going into our next 25 years, we have undertaken a complete rebuild of the CISSP exam”, Tipton said. He also expects that over the next several years, (ISC)² will continue its push into the education world, expanding its (ISC)² Foundation, developing more partnerships with academic institutions, even branching out into the high school level through a pilot program in Florida.

“New technology will allow us to deliver services in a more smooth manner”, he noted, referring to recent news that (ISC)² will now offer computer-based testing at centers around the world, and he anticipates that virtual testing options will be available in one to two years. “As our credentials continue to grow”, Tipton added, “we are moving away from old print models to offer materials and training in electronic formats.”

What’s Hot on Infosecurity Magazine?