The Value of a CISSP

Magnifying Glass Looking at Job Section of NewspaperLocal blogger Laura Raderman put out a great post last week titled “(ISC)2 and the CISSP.” I think she’s right on point in expressing how a lot of us feel regarding the (ISC)2, the CISSP, and the value they add to the security profession. Basically … meh … but need it to keep the job…


Let me first start off with the disclaimer that I am a CISSP and (nominally) a member of (ISC)2.

I’ve been part of very few professional organizations throughout my career and college days. I even shied away from the women in engineering groups on campus, although I knew a lot of women in them. I tended towards the ad hoc, social groups instead. Blame it on the Cotillion club I was (forced to be) a part of when I was in high school, I just don’t like paying to be part of a “club”. I pay (ISC)2 only because I have to to keep my CISSP (and to other organizations for the same reason), I’m not a member because I believe in their mission or their goals. I think they’re overpriced and useless to me other than maintaining my credential (which is another can of worms…).

I’m more likely to be found at the local Linuxchix get together, or NoVAHackers because they are cool people who just happen to have the same interests I do. Yes, we’re “organized”, but I don’t have to pay to be part of the group (other than food and drinks, etc…). These folks I consider friends.

With the behemoth that is (ISC)2, I don’t even feel like part of the group. I’m assigned a number and then go on my merry way as long as I keep paying every year and submitting my CPEs. Which I’m perfectly happy to do.

I think the (ISC)2 has admirable goals, I’m just not motivated enough to care about them that much. I don’t participate in the elections (much), and I always pass up the proctor CPE opportunities and exam review opportunities. Could I help change the organization if I participated more – probably. And Wim Remes is trying to do just that by running for the board.

I don’t know what percentage of other CISSP holders feel like I do, but I’m sure I’m not the only one. And I’m not even sure that there’s anything (ISC)2 can do to change that – it’s not their “fault” we don’t care.

Any ideas or suggestions? Or arguments on why I should care more about the organization?

Original article here.


Laura works for Gemini Security Solutions where she oversees security assessments. Gemini Security Solutions, Inc. was founded in 2001 to provides information security consulting services.

7 comments for “The Value of a CISSP

  1. September 20, 2011 at 6:59 am

    #novablogger The Value of a CISSP

  2. September 20, 2011 at 8:53 am

    Guest post with some great commentary on the ISC2 & the CISSP.

  3. September 20, 2011 at 8:53 am

    Guest post with some great commentary on the ISC2 & the CISSP.

  4. September 20, 2011 at 8:53 am

    Guest post with some great commentary on the ISC2 & the CISSP.

  5. September 20, 2011 at 4:00 pm

    Is $85/year worth it to be part of the club? Probably but it doesn’t mean we have to like it.

  6. September 20, 2011 at 11:27 pm

    Here’s another interesting article related to this topic as well.

    “Security Certification: Change Is On Horizon, But Hiring Is Still The End Game”

    While some security pros grouse, well-known certifications still rule in hiring circles

    Do you need a lot of letters after your name in order to be a successful IT security professional? Nope, but those letters do make a difference in the hiring process — and that process isn’t likely to change anytime soon, experts say.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.