My Certifications, My Choice!
There was a great post over at the nCircle Sync blog entitled “Do you still value your CISSP?” by Andrew Storms. I have yet to attain this certification but I plan on sitting for the exam in the coming months because I believe it to be a valuable asset in my personal development plan. The reason this post stood out is due to the comments the author received while at his both at RSA:
At RSA, I got one of those badge flags saying “ISC2 Member”. More than a few people asked “How did you get that?” Then before I could answer they would retort in a disgruntled tone “Oh you must have put your CISSP number in at registration. The CISSP doesn’t matter anymore anyway”
The authors response was “Well, OK, thanks for your kind words, I guess?” which was a subdued response compared to what I would have given.
Why do people feel the need to make snide remarks to belittle individual’s personal achievements? If I took the time to learn the subject matter required to both better myself AND pass a difficult exam, who are you to tell me it’s worthless.
Does it make you feel better about yourself to tell me my accomplishments are worthless? Are you a better person because you didn’t put the time into learning what I learned?
If a friend or colleague had a baby, after years and years of trying, would you immediately comment on how long it took them, how they’re time was wasted, and tell them the way that you think they should have approached it? The answer, unless you’re a jerk, is NO! You’d be happy for them, offer some congratulatory remarks, and maybe even provide a meaningful gift to show them how much you care.
When people tell me that one of my certifications are worthless I often think back to my favorite Jack Nicholson quote from the movie A Few Good Men:
We use words like honor, code, loyalty. We use these words as the backbone of a life spent defending something. You use them as a punchline. I have neither the time nor the inclination to explain myself to a man who rises and sleeps under the blanket of the very freedom that I provide, and then questions the manner in which I provide it. I would rather you just said thank you, and went on your way, Otherwise, I suggest you pick up a weapon, and stand a post. Either way, I don’t give a damn what you think you are entitled to.
I am very proud of the 13 certifications that I hold because I know how much time and effort, as does my family, was put into acquiring the knowledge needed to pass those exams.
To CISSP or not to CISSP? I believe that if the designation is valued by your client, and will allow you to get more consulting engagements it is worth getting. If you are full-time employed and are looking to build your skillset across all security domains, it is worth getting.
However, I don’t believe that getting and maintaining a CISSP is necessarily going to keep you “up to date” on the state of the industry. I believe subscribing to blogs, listening to podcasts, writing your own articles and engaging in debates on forums like the Security Catalyst will do a better job of keeping you current, and making your skills visible.
Several years ago I wanted to move into IT Security consulting from Product Management at Entrust. When I met with some of the heads of local consulting companies, they said it would be a good idea for me to write the CISSP, if only to demonstrate that my work experience had given me the relevant knowledge. They recognized that it didn't give a guaranteed skillset, just an indicator.
I did get my CISSP and it worked; and within a year I was working as an independent consultant. However, after 3 years I found that my job experience covered enough of the industry, and I was keeping up to date. So, I let my CISSP certification lapse. None of my clients to date has questioned the currency of my skills, and I may have missed 5 points out of 100 on a compliance matrix for a government standing offer by not having it. I dont feel I need to use it as an indicator of my knowledge any more.
I don’t bad-mouth the certification. It is a pretty tough mental exercise to prepare for and write. But once you have the experience and inherent credibility from your work, you may not need it. But people who wield their CISSP initials like a sword get the brunt of the scorn from others; mostly because it has become a bit of a stereotype in the industry. It is certainly an achievement, but when people see it in an email signature block there is a thought that flashes through their mind, “How much real experience does this person have, if they have to display their badge in every email?"
I think its important to take some pride in accomplishments, but more important to keep them in the right context.
Oh my goodness! a tremendous article dude. Thank you Nevertheless I am experiencing difficulty with ur rss . Don’t know why Unable to subscribe to it. Is there anyone getting similar rss problem? Anyone who is aware of kindly respond. Thnkx