So I took the test and I was done in about an hour and I felt like I just wasted those two weeks. It seemed very easy to me. I couldn't believe it. Yes, there were some Orange Book and CCTV questions, but I really only needed to study for that for a few days. I really overdid it. But whatever, I passed (so I found out weeks later) and life is good.
Now over the past decade or so since then here is what I have noticed:
- The worst security professionals I've ever met had a CISSP
- Most of the really bad security professionals I've met had their CISSP
- I've met a lot of CISSPs that had no real world security experience and were using the cert to try to break into the industry, some have never even worked in IT
- A large number of really good security professionals don't have their CISSP
- I personally know a lot of people who have taken the test, and I have yet to ever meet anyone who hasn't passed it, I'm not sure anyone fails it
It turns out I'm not the only one that has noticed those five things. This has led a large number of leaders in the security community to call out the CISSP as worthless, or worse. It doesn't give any assurance that the holder of the cert is competent or experienced. Heck, it doesn't even do the job of establishing a common language in our community. What this means is the cert is getting less valuable, which is bad for everyone that has it. And I think bad for the industry; I think a generic cert like the CISSP could add a lot of value if done right. I know others disagree, but I'm an optimist.
What this means for you:
If you don't have a CISSP, don't get one until this is fixed! Seriously, stop using it to try to get a job. If you have a job, look elsewhere to advance your career, you won't learn anything worthwhile getting a CISSP as it is today.
If you do have one, then vote for new leadership! Go here: http://www.novainfosecportal.com/2012/08/23/unofficial-isc2-board-petition-central/ and sign the petition for those four fine people who are looking to fix these problems, and when the time comes vote for them, and only them. And every time you get those election emails from the ISC2, don't ignore them. Look for reformers and vote them in. It may take some time, but let's get enough reformers on the board to get this cert and all certs by ISC2 fixed!