Security's Everyman

Tuesday, September 04, 2007

Being a CISSP

There is a lot of talk around lately about the CISSP and its value as a certification and how it compares to other security certifications. Martin (here and here), Michael, Daniel (here and here), and Rich have all chimed in and I'm sure others that I've forgotten about. The common theme is that each cert has its own value and that value differs for each person.

This post is not about whether or not the CISSP is the best certification as some think it is. It's not about whether or not it's technical enough or whether or not it still holds value as some have argued for and against. This is about what being a CISSP means to me and how it has helped my career.

I first decided about 3 years ago that I wanted to become a CISSP. At that time I was still doing lots of hands-on technical work and was spending my spare cycles learning technology and decided to hold off on pursuing it. Around January of 2006 I decided that it was time to start getting serious about pursuing a vendor-neutral security certification. I took a long hard look at what I felt would help my career the most. I was considering the CISA, CISM or the CISSP. I talked to people who held these certs and some who held a couple of them. I asked them about what value they held for them, how they felt that they benefited from them, what was involved in getting them and so forth. I also did lots of research on them and felt that the CISSP was the cert that held the most value for me.

I must admit that when I got the email telling me that I had passed the test I was VERY excited, even though at that time I had talked to a few people who are CISSPs and they were very unhappy with ISC2 and the direction that they felt the organization was heading. For me it was a big deal. It was the culmination of lots of hard work preparing for the test (plus it meant that my employer would reimburse me the $600 test fee). It meant that I now had a leg up on some jobs that I would not even be considered for without either the CISSP or the CISA or CISM.

Whether or not you feel that it has merit, value or is a big waste of letters, it has been very good for me. It has gotten me interviews that I would not have gotten otherwise. When I was laid off in May of this year the recruiters were knocking down my door to talk to me because of those 5 little letters after my name. It also played a big part in getting me the job that I currently have. They were looking for someone who was a CISSP. That was one of their requirements even if they weren't really sure why. If I had been a CCIE I may have gotten another position with the company but not the Security Manager position.

So being a CISSP has been very good to me. I'm still proud of the fact that I hold this certification and that it opens doors for me. I'm proud that being a CISSP still does mean something in many circles (even if they aren't all security circles). I'm glad that I chose the CISSP over the other 2 I was considering. Unless something drastic happens in the next few years I will make sure that I pay my yearly dues and get my yearly CPEs to maintain it. I hope that those who have concerns about the ISC2 and its direction get some answers that they like and that the CISSP continues to hold value to all that obtain it.

The CISSP is not the cert for everyone. It depends on what your career goals are and where your interests in security are. It may be the best thing that you do for your career or it could be just another bunch of letters after your name. I think a lot of its value depends on you and how you use it.

This work is licensed under a Creative Commons Attribution-NC-SA 3.0.