From the “So obvious, the fact that you missed it is definitionally why you’re not permitted to breathe anymore” files… An opinion piece floated at the industry rag “Search Security Dot Com” states that it’s likely that the CISSP certification will lose it’s value when the nice folks at two US colleges (Peirce College and St. Petersburg College) start offering CISSP and SSCP certifications as part of their Bachelors Degree programs.

When I was a boy (like I’m suddenly an armadillo now) it was required that those who received the CISSP must have relevant work experience in the field.  I’m really trying to figure out how it is reasonable to expect a 3 year program student (22 years old - max) is going to have more than a passing amount of actual work experience as an Infosec worker.

From the ISC2 website:

Candidates can substitute a maximum of one year of direct full-time security professional work experience in one or more of the ten domains of the CISSP CBK if they have a four-year college degree or a Master’s Degree in information security from a U.S. National Center of Academic Excellence in information Assurance Education (CAEIAE) or regional equivalent. Also, candidates holding an additional credential on the

(ISC)²-approved list (Contact (ISC)² Services for details) are eligible to waive a year of the professional experience requirement. No more than 2 years total can be waived.

I suppose that it’s all about the greed.  I wish I could find a certification that was actually difficult to get (I didn’t study for the CISA) and which worked to restrict it’s membership to those who actually can do the job and do it every day.

Technorati Tags: security, infosec, certifications, isc2, isaca, cisa, cissp