[Infowarrior] - Are you a CISSP?
Richard Forno
rforno at infowarrior.org
Mon Aug 27 15:21:02 CDT 2012
(via jericho)
If you are, you should be aware that ISC2 board elections are coming up. Last year, Wim Remes decided to run a petition to get his name added to the ballot, and ultimately joined the board. He did so seeking to help change ISC2 for the better, to begin to tackle the many criticisms leveled against the organization, and their CISSP certification.
This year, four more people are looking to join the board. Each of them are going through the petition process, which requires 500 signatures from current CISSP holders. This will get their name on the ballot, where they hope to get elected to the board to bring more change.
I have been an outspoken critic of ISC2 in the past. This includes one published article on the Code of Ethics [1], countless Tweets, dozens of mails to ISC2's general counsel, and more. Recently, I also did a guest bit for a presentation on "Why You Should Not Get a CISSP" at DEFCON 20 [2]. The presentation was done by Timmay, and the most revealing part was exposing how the CBK had barely been updated the last 15 years.
Personally, I think the current ISC2 board is stale and needs a refresh. I think the same people are frequently re-elected and have little motivation to make real change within the organization. Since it is ridiculously profitable, there may not be much incentive to do so for some of them. On the other hand, look at what ISC2 has done in terms of community outreach and supporting non-ISC2 security projects or initiatives. It was only a few months ago that ISC2 finally made an appearance at BlackHat, after Remes helped push for more public interaction from the organization.
So, if you are an active CISSP holder, consider the value of your certification. Consider what ISC2 does, especially with the money you have given them. Remember that with around 100,000 CISSPs, frequently obtained by non-security people, that the value of the certification is slowly dwindling. It is NOT a measure of security knowledge; it is a punch line to many jokes. I believe you should be concerned about this, and look to change it. That starts with having a more active, outspoken, and driven board.
Please read these petitions and consider alternative board members this year:
(1) Boris Sverdlik (@JadedSecurity) [http://jadedsecurity.net/2012/08/22/isc2-bod-vote-2012/]
(2) Dave Lewis (@gattaca) [http://www.liquidmatrix.org/blog/vote-for-dave/]
(3) Chris Nickerson (@indi303) [http://change.isc4thepeople.com/]
(4) Scot Terban (@krypt3ia) [http://krypt3ia.wordpress.com/2012/08/23/isc2-board-candidacy/]
This summary of candidates and more perspective comes from Robert Graham (@ErrataRob) and a blog post he wrote about the subject [3].
Thanks for your consideration,
- jericho
[1] http://attrition.org/security/rants/cissp_convenient_ethics/
[2] http://attrition.org/security/conferences/
[3] http://erratasec.blogspot.com/2012/08/these-guys-want-to-reform-isc2cissp.html
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
More information about the Infowarrior
mailing list