CISSP - is it worth it?

There is still plenty of debate on the airwaves about the value of the CISSP certification. Martin McKeay on his Network Security blog states “it’s not meant to measure someone’s networking knowledge and using it to do so won’t work.” He’s right of course in the same way as passing a test on the highway code doesn’t mean you have the ability to reverse into a parking space. But for all the criticism I’ll make one point: it is a difficult exam that does require a lot of knowledge to be sure of passing. One could argue that someone might pass based on their theoretical knowledge alone but I’m not sure that it matters because if a person is willing to put the effort into the learning process then they should be given a chance to gain the practical skills too.

Another blog makes a point that “I think the root of the problem is the concept that the CISSP somehow measures technical competence. ” The root of what problem? I don’t see it – the only problem I can see is cynical, long-in-the-tooth, professionals who turn their noses up at people attempting to enter their cliche through the hard study and certification route.

The CISSP certification (which I’m proud to have achieved) demonstrates a willingness to apply self-motivated effort into an indepth and often complex subject matter. I had a colleague a few years ago who sponsored himself through a private pilot license training course on single engined aircraft. That didn’t mean he then had the skills to fly multi-engined passenger jets but it did demonstrate his willingness and enthusiasm for the flying. It was that which got him picked to join an airline training programme and he now flys big jets…

So, my advice to those contemplating sitting the CISSP exam. Go for it and good luck!