Thursday, August 28, 2003

New "CISSP Associate" for People without Years

I learned today that people who would like to be a CISSP without having the necessary number of years experience can become a CISSP Associate. I find this rather odd. According to the press release:


"After passing the selected exam and signing (ISC)2's Code of Ethics, the Associate must garner the requisite work experience and successfully complete a professional endorsement process before he/she becomes officially certified as CISSP or SSCP. The CISSP, designed for professionals devising information security strategy, requires four years of professional experience in the field of information security, while the SSCP, designed for professionals following a tactical information security career path, requires one year of experience. Associates of (ISC)2 will not be able to use the designation of CISSP or SSCP until formally certified."


Why bother, then? Is this "CISSP-lite"? I think it's a ploy to get more people to take the exam and say "Yes, prospective employer, I'm 'smart enough' to pass the CISSP exam, even though I only have two years of experience." The press release continues:


"Associates of (ISC)2 who pass these challenging exams will be able to assimilate the discipline and structure that can expedite progress throughout their careers," said Duffy. "The program is ideal for those accumulating their first experience in the field and for students looking toward a future career in our profession."


I think this cheapens the certification, if that were possible. Just keep the CISSP as it is. ISC2 is already diluting it by adding to its "cert suite."

No comments: