Value of CISSP status

CISSP_logo.jpgIt’s been a while since I updated my CISSP certification with CPE credits. In fact, I’ve not even thought of it even though I’ve got plenty accumulated and was wondering why I continue to pay the annual subscription fee year after year. Am I getting any value from it?

On saying that, I’ve been giving some encouragement to a techie in the office who is presently working towards his own CISSP certification. Working through the various domains seems to have sparked a deep interest in the subject for him, and I’m pretty sure that by the time he comes to sit the exam that he’ll have a an excellent foundation of relevant knowledge.

(ISC)² say that the CISSP provides information security professionals with not only an objective measure of competence but a globally recognized standard of achievement. For my own part, if I’m recruiting a security analyst then I’ll favour the CVs of those who have the certificate – in fact, I’d make it a requirement on the job spec. It shows me that it’s not just an IT person trying his luck but somebody who has gone out of their way to get professional recognition. It doesn’t guarantee they’ll be brilliant at their jobs but it’s a good place to start.

So, back to the question. Am I getting value from my own certification? Maybe not directly anymore but it helped get my foot through the right doors when I needed to and I recognise the work that’s required to achieve it. I’m going to submit my CPEs today and bring my account up to date.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Agreed - good\essential certification for those starting out. Less value as you move up the ladder.
Are you suggesting that CISSP is only to get your foot in the door? If so what other certs are you working on that are valuable?
CISSP is a great way of starting on the Information Security ladder. The next development stages are being covered by the Institute of Information Security Professionals with the M.Inst.ISP qualification which tests competancy (application of skills) as well as knowledge. Recently a group of major UK companies and banks said they would favour M.Inst.ISP for more senior positions.
I don't really get the "it's good for starting out" comments. A pre-requisite for sitting the exam is 5 years working within the field of IT Security (simply having some security responsibility within your current role doesn't count either).