What is CISSP?
Black and white, Yin and Yang, good and evil: everything has its reverse side. No wonder the world of computer technology shares the same concept. In this world it is called “Hackers and Security Guys”. And as usual, you may choose which side to come down on. If you are going to support the Dark Side (hello, Mr. Darth Vader), you are free to find like-minded people: they usually show themselves off (well… not the best of them, but who cares about the Dark Side’s apprentices?). Proving that you are a seasoned hacker is also easy, at least if you are not scared of detention.
Finding a person to teach you and your personnel and to maintain your security against hackers’ attacks is more complex: most seasoned security guys cannot tell you much about their previous jobs because of the nature of the work. They will have to sign a non-disclosure agreement with you, so they have definitely signed another one with a previous employer. And even if they can tell you about their job, it’s not easy to assess their skills and knowledge if you are not a security professional yourself. If you are a security guy looking for a job, you have the opposite problem: how do you prove to a future employer that you are experienced and have enough knowledge of the subject to cope with the job? Is there a way out? Definitely! What is it? CISSP.
The abbreviation stands for Certified Information Systems Security Professional. What stands behind the abbreviation? The most authoritative certification for security professionals. It was established by the (ISC)² consortium and was the first security certification to be accredited by ANSI. What is so special about this certification that sets it apart from the others?
Firstly, it’s designed by active security specialists and is revised regularly to comply with the most current security best practices and techniques.
Secondly, a candidate has to have at least 4 years of experience in one or several domains of security defined by (ISC)², but a general candidate should have 5 years to apply.
Thirdly, the candidate has to pass a difficult exam to become a member of the CISSP community.
Fourthly, not only does the person have to pass the exam, but he or she also has to be recommended (endorsed) by one of the current members. This guarantees that the system is self-regulating: no one wants his credentials to lose their power.
Fifthly, a person with CISSP credentials has to renew the status every three years or earn a certain number of Continuing Professional Education (CPE) points. These CPEs are acquired through teaching others, studying security, attending conferences, professional writing, etc. This ensures that the CISSP holder’s knowledge and skills are current.
And we don’t even need to mention a clean criminal record, signing the Code of Conduct and paying an annual fee.
So a CISSP is confirmed to be good at dealing with security, but what exactly does an employer get by hiring a CISSP holder, and what benefits does the CISSP receive for the ongoing effort to stay up to date and certified?
There are two documents on the (ISC)² website, which I summarize below.
Employee: these credentials are “not only a measure of excellence, but a globally recognized standard of achievement”. So acquiring the status may literally add to your salary and definitely may bring you more confidence and respect from your employer.
Employer: a person with CISSP credentials is trained and experienced enough to meet the strict (ISC)² rules. Therefore he or she will most probably meet your expectations. Moreover, a person who has held the credentials for more than three years is eager to maintain his or her level of professionalism. So why not hire a person who invests time and money in self-development rather than one who doesn’t?
To sum up, CISSP credentials are a recognized brand that brings money to the holder and security to the employer. So enjoy being a CISSP or hiring those who are.